ICO Complaint against the UK's GPS tagging of migrants

UK Information Commissioner's Office (ICO)

On 17 August 2022, Privacy International (PI) filed a complaint against the UK Secretary of State for the Home Department (Home Office) with the UK data protection authority, the Information Commissioner (ICO). PI's complaint challenges the collection, processing and sharing of location data of migrants released on immigration bail via the imposition of electronic monitoring (EM) through GPS ankle tags.

It is mandatory, under Schedule 10 of the Immigration Act 2016, for Foreign National Offenders to be subject to EM when released on immigration bail. However, anyone subject to immigration control, including asylum seekers in the course of their application or other proceedings, can be subject to GPS tagging. There is no time limit for how long an individual must wear a tag.

GPS tags monitor the location of an individual using satellite, radio frequency and mobile technology, collecting location data (referred to as “trail data”) at certain intervals. Trail data is particularly (1) voluminous, (2) sensitive, (3) granular and (4) open to misinterpretation. GPS tags also provide the ability to track an individual’s location in real time, in addition to reviewing their location history.

The Home Office can access trail data every time a breach of bail is notified by Electronic Monitoring Services (EMS), the service (provided by private company Capita) that runs GPS tagging under a contract with the Ministry of Justice. According to the Secretary of State's Immigration Bail Guidance, trail data can be used:

• If a breach of immigration bail conditions has occurred, or intelligence suggests a breach has occurred
• To be shared with law enforcement agencies
• To assess individuals' representations under their Article 8 right to private and family life

Due to systemic quality and accuracy failures reported in a parallel complaint we made to the Forensic Science Regulator, many breach alerts are inaccurate, with potentially severe consequences for individuals. In addition, the use of trail data to assess individuals' representations under their Article 8 right to private and family life is a considerable extension of purpose of the scheme, providing the Home Office with unprecedented ability to scrutinise an individual's daily activities in order to make substantive decisions on their immigration applications. 

This form of monitoring is a seismic change in the surveillance and control of migrants in the UK, causing tagged individuals serious feelings of anxiety, social exclusion, and sometimes causing re-traumatisation. We consider that the scheme violates people's human right to privacy and their right to data protection - amongst others, the Home Office fails to comply with its obligations under data protection law to process data in a way that is fair, transparent, necessary and proportionate.

Our complaint argues that the Home Office's EM policy and practice breaches the UK GDPR and DPA 2018 in a number of ways. In summary:

• 24/7 GPS monitoring is excessive and goes beyond the aims of the legislation. It falls outside the reasonable expectations of data subjects
• The ability to review all trail data in the event of a breach of bail conditions alert is not necessary for nor proportionate to the purpose of data processing
• There is no lawful basis to use trail data to assess individuals’ Article 8 representations and further submissions
• No transparency is provided to data subjects as to the nature and extent of data collection and processing
• The various uses and re-uses of location data do not comply with the purpose limitation principle
• GPS location data can be inaccurate and quality failures can produce inaccurate data, in violation of the accuracy principle
• This form of surveillance poses a considerable risk to the fundamental rights and freedoms of tagged individuals
• The scheme lacks safeguards

The Home Office are building a costly data-driven approach to immigration control by exploiting latest technological developments. This use of invasive and potentially flawed data to make life-changing decisions about people must be challenged.

The ICO has confirmed they have opened an investigation and are making enquiries of the Home Office and migrant rights charities. We call on the ICO to take action against these unbridled surveillance practices.

UPDATE March 2024

On 1 March 2024, our complaint resulted in the ICO taking action against the Home Office. It issued an Enforcement Notice against the pilot of GPS electronic monitoring of migrants, which it found had breached UK data protection law. It also issued a formal warning "stating that any future processing by the Home Office on the same basis will be in breach of data protection law and will attract enforcement action". Read our analysis of the decision.