The U.K. adopted an “immigration exemption” clause in the 2018 Data Protection Act1 in which European Union (EU) citizens are denied access to their personal records with the U.K. Home Office2. This left those EU citizens in a weaker position to object to any information, decisions, and rulings made by the U.K. Home Office with respect to decisions and policies decided affecting them and, as concerns the below-discussed case, their EU settlement status.3
On 26 May 2021, the U.K. Court of Appeal ruled4 that not allowing EU citizens to access their personal records with the U.K. Home Office is a breach of their fundamental human rights5 and the general data protection rules (GDPR)6.
WHY THIS MATTERS
The ruling makes it possible for EU citizens who are denied settled status in the U.K. or future immigration visas to the U.K. to have access to the databases and records containing information used in the decisions by the authorities concerning them, including information about social benefits, civil offence records, etc.
The case itself concerns the U.K. Home Office, but it is reasonable to expect that other bodies must uphold the same level of transparency towards EU citizens as it is set out in this ruling.
The immigration exemption to personal data records is laid down in the 2018 Data Protection Act (DPA) saying that certain rights protected by the GDPR do not apply when data is processed for the following purposes:
- Paragraph 2, Schedule 2 (DPA)7
(a) the maintenance of effective immigration control, or
(b) the investigation or detection of activities that would undermine the maintenance of effective immigration control.
On the basis of this Act, the Home Office could deny access to files that hold information on immigrants. A denial of access to personal records undermines EU citizens’ legal right to challenge decisions by the Home Office.
The Court of Appeal found that this immigration exemption is not compliant with GDPR8 and the charter of fundamental rights of the EU9.
The judgement ruled against the Home Office’s considerations that effective immigration control should weigh more than individual rights to access own data.
The judges noted in the ruling that the Home Office relied on the immigration exemption in 59 percent of the cases since DPA came into force10.
The case concerns individual access to information about immigration cases. However, it is reasonable to expect that the same standard for transparency of personal records is to be upheld not only by the Home Office in the U.K., but all other bodies too.
Companies should familiarise themselves with the requirements for EU citizens going to the U.K. to work and/or live in order to foster compliance and help ensure business continuity.
1 The U.K. Data Protection Act (2018) is based on the EU General Data Protection Regulation (GDPR), No 2016/679 (4 May 2016).
2 For information about the Home Office, see: https://www.gov.uk/government/organisations/home-office/about .
3 Following Brexit, EU citizens living in the U.K. must apply for a “settled status scheme” if they want to continue living in the United Kingdom. EU citizens moving to the U.K. after 1 January 2021, must apply for a visa in order to move to the United Kingdom (see: https://www.gov.uk/browse/visas-immigration/eu-eea-swiss ). EU citizens who have been in the U.K. continuously for five or more years wishing to obtain “settled status” must apply for it (the deadline for applying is 30 June 2021) and, if granted, will be awarded such status in the U.K., entitling them to certain benefits. For further information, see: https://www.gov.uk/settled-status-eu-citizens-families .
4 England and Wales Court of Appeal (Civil Division) Decisions: The Open Rights Group & Anor, R (On the Application Of) v The Secretary of State for the Home Department & Anor  EWCA Civ 800 (26 May 2021). See: https://www.bailii.org/ew/cases/EWCA/Civ/2021/800.html. (Note that this is a 3rd party (non-governmental, non-KPMG) website. Providing this link does not represent an endorsement of this website by KPMG.)
5 Charter of Fundamental Rights of the European Union (18 December 2000) creates a basis for the U.K. 1998 Human Rights Act. The Charter stipulates in Article 8 that data must be processed fairly for specified purposes and everyone has the right to access data concerning him/her.
6 See footnote 1.
7 See footnote 1.
8 See footnote 1.
9 See footnote 4.
10 Premise (16) in the judgement by the Court of Appeal, Appeal No. C1/2019/2726/QBACF (London, 26 May 2021). (See: https://www.bailii.org/ew/cases/EWCA/Civ/2021/800.html .) (Note that this is a 3rd party (non-governmental, non-KPMG) website. Providing this link does not represent an endorsement of this website by KPMG.)
* Please note the KPMG International member firm in the United States does not provide immigration or labour law services. However, KPMG Law LLP in Canada can assist clients with U.S. immigration matters.
The information contained in this newsletter was submitted by the KPMG International member firm in The Netherlands.
Connect with us
Want to do business with KPMG?
Stay up to date with what matters to you
Gain access to personalized content based on your interests by signing up todaySign up today
© 2021 KPMG Meijburg & Co., a Netherlands partnership and a member of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
KPMG International Cooperative (“KPMG International”) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.
Flash Alert is an Global Mobility Services publication of KPMG LLPs Washington National Tax practice. The KPMG logo and name are trademarks of KPMG International. KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent member firms. KPMG International provides no audit or other client services. Such services are provided solely by member firms in their respective geographic areas. KPMG International and its member firms are legally distinct and separate entities. They are not and nothing contained herein shall be construed to place these entities in the relationship of parents, subsidiaries, agents, partners, or joint venturers. No member firm has any authority (actual, apparent, implied or otherwise) to obligate or bind KPMG International or any member firm in any manner whatsoever. The information contained in herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.