UK’s Data Protection Act 2018 challenged for immigration exemptions

Share This Post

PICUM (the Platform for International Cooperation on Undocumented Migrants) have issued a press release saying they have “filed a formal complaint to the European Commission against the UK for flouting the EU’s regulation on data protection (General Data Protection Regulation, GDPR) by including a broad immigration control exemption in its new Data Protection Act.

The derogations under question relate to Schedule 2, Part 1, para 4 of the Data Protection Act 2018 which states that a number of GDPR individuals’ rights (including the right to be informed, right of access (subject access requests), right to erasure, right to restrict processing and the right to object to processing) don’t apply to immigration data, when the data is processed for “the maintenance of effective immigration control” or “the investigation or detection of activities that would undermine the maintenance of effective immigration control“.

Alyna Smith, Advocacy Officer at PICUM, said:

The UK Data Protection Act’s “immigration control exemption” runs exactly counter to the EU’s efforts to reinforce individuals’ right to the protection of their personal data. It carves out a space where public and private actors have wide discretion to access, use, share, and gather personal data, without the knowledge of affected individuals and with virtually no accountability. All this for immigration enforcement goals which are worringly vague and broad

The filing is supported by 10 other organisations (including Privacy and Liberty) who have co-signed it.

Article 23 of the GDPR allows EU member states to apply exemptions to GDPR for some types of processing where the data controller or processor maybe restricted by national law, but the filing says these derogations undermine the GDPR’s approach to ensure the rights and freedoms of data subjects are upheld.

More To Explore

Eat. Sleep. GDPR. Repeat.

We live and breathe GDPR and ePrivacy compliance, so you don’t have too. Our GDPR UNLIMITED helpline is all about offering you help and support, whenever you need it most. As well as the unlimited helpline, you get up to 4 hours “hands-on” help each month, which we can configure to help you in anyway you need such as a GDPR review, or acting as your DPO.

As well as the unlimited helpline and hands-on help you get GDPR and privacy updates, access to our GDPR knowledge centre and webinars.

Unlimited email & phone support

Unlimited email and phone support. Email or organise a voice call as often as you need each month.​

Up to 4 hours "hands-on" help per month

We use these "hands-on" hours to do the GDPR work for you, such as reviews, acting as your DPO, checking DPIA, dealing with breaches, training your staff, etc. (Additional hours: £100+VAT per hour)

Online resources

Our Knowledge Centre gives you access to information, guidance, topic related guides and other tools to support your GDPR and PECR compliance

Updates, alerts & briefings

We provide updates and alerts and a monthly compliance briefing. You can either sign into the Knowledge Centre or sign up via email to receive an email every time we add a new update or alert

DPO services

Whether mandated or not we can act as your Data Protection Officer (DPO) and manage your day to day compliance

Webinars, workshops & training

Whether updates on the latest issue, workshops or team training, it's all included in your monthly retainer.

LIKE WHAT YOU'RE READING? join our email list

Sign up for monthly briefings and the occasional emails about our webinars and services

Want to know more about how we use your data? Check out our privacy policy