GDPR

UK Home Office Receives Enforcement Notice Over Migrant GPS Tagging Data Risks

Published:

Aerial view of city
Home ยป Articles ยป UK Home Office Receives Enforcement Notice Over Migrant GPS Tagging Data Risks

The UK Home Office has been issued an enforcement notice alongside a stern warning by the Information Commissioner’s Office (ICO) for inadequately assessing the privacy implications of electronic monitoring of migrants. This action follows discussions with the ICO regarding a controversial pilot program that tracked the GPS locations of up to 600 migrants who entered the UK via unauthorised routes and were in immigration bail. The pilot involved the use of electronic tagging.

Despite the pilot concluding in December 2023, the Home Office has maintained possession of the GPS data, continuing to access, utilise, and share it with external entities. The ICO has mandated a comprehensive revision of the Home Office’s internal policies and directives that govern access and privacy related to the data amassed from the pilot.

The Enforcement Notice and its Significance

The ICO’s enforcement notice serves as a directive requiring immediate action. It highlights non-compliance with data protection laws and calls for updates in the handling of sensitive information. Should the Home Office replicate similar data processing in the future, it would constitute a direct violation of data protection legislation, inviting further enforcement measures.

Potential Repercussions for Non-Compliance

Although the notice in itself is a call to action rather than an immediate fine or penalty, it signals potential legal repercussions for the Home Office. The order that a fine will be imposed in the future is at odds with the ICO’s more recent policy to shy away from issuing fines to government departments or threatening the use of a fine.

The Risks of Location Data

Location data is particularly sensitive data. The nature of how it’s collected means that an intricate picture of a persons life can be inferred solely from that data. This makes it a big privacy risk. This case highlights not just the risks of processing sensitive data but also the risks of processing the personal data of individuals who may not have the means to understand the implications of this data processing.

The full decision can be read on the ICO’s website.

Author

  • Scott Dooley

    Scott Dooley is a seasoned entrepreneur and data protection expert with over 15 years of experience in the tech industry. As the founder of Measured Collective and Kahunam, Scott has dedicated his career to helping businesses navigate the complex landscape of data privacy and GDPR compliance. With a background in marketing and web development, Scott brings a unique perspective to data protection issues, understanding both the technical and business implications of privacy regulations. His expertise spans from cookie compliance to implementing privacy-by-design principles in software development. Scott is passionate about demystifying GDPR and making data protection accessible to businesses of all sizes. Through his blog, he shares practical insights, best practices, and the latest developments in data privacy law, helping readers stay informed and compliant in an ever-changing regulatory environment.

    View all posts

Popular posts on Measured Collective

  1. Can an individual get a GDPR fine?
  2. GDPR & Google Workspace: How to stay compliant with GDPR
  3. GDPR legitimate interests assessment guide & worked example
  4. What is considered “disproportionate effort” under GDPR?
  5. Is Google Forms GDPR compliant?

Now Available to Start Immediately:

GDPR Online Training Course

There's no time like now, to give your team the training they need.

Article: Do I need ongoing GDPR training?

New to the site

Measured Collective Logo in White on Transparent