On 25 March 2022, the UK High Court ruled that the Home Office acted unlawfully and breached human rights and data protection laws by operating a secret, blanket policy of seizing, retaining and extracting data from the mobile phones of asylum seekers arriving by small boat to UK shores between April and November 2020.
Key points
• Today, the UK High Court ruled that the secret and blanket policy of the UK Home Office to seize migrant's phones breached Article 8 ECHR and data protection laws.
• Looking through someone's phone, possibly the most extensive and intimate record of their private life, requires serious justification.
• Privacy International (PI) intervened in this case challenging the practice of seizing mobile phones of asylum seekers arriving in the UK by small boat in 2020.
• The Court also stated that the Home Office cannot rely on s.48 Immigration Act 2016, which relates to searches of premises, to search asylum seekers.
• The Home Office has referred itself to the Information Commissioner for data protection breaches.
Background
Today judgment has been handed down in the landmark case of R (HM and MA and KH) v Secretary of State for the Home Department.
This is a Judicial Review decision concerning the UK Home Office's secret and blanket policy of seizing mobile phones of all migrants who arrived to the UK by small boat between April 2020 and November 2020, and extracting data from all phones. PI was a third party intervener in the case.
The case revealed that migrants were searched on arrival at Tug Haven in Dover and compelled to hand over their mobile phones and provide their PIN numbers. The Home Office admitted that the policy to seize phones was unlawful (amongst other "very significant concessions") and the Court found that migrants shouldn't have been compelled to provide their PIN numbers. During the course of proceedings, it came to light that the Home Office had self-referred itself to the Information Commissioner's Office for breaches of the Data Protection Act 2018.
Privacy International intervened in the case and made written submissions supported by witness evidence, demonstrating the considerable privacy intrusion caused by extracting data from someone's mobile phone. PI argued in submissions that the Home Secretary had not discharged her burden of justifying the proportionality of the measure to its objective.
The good news
In this landmark ruling, the Court confirmed that section 48 Immigration Act (IA) 2016 does not authorise a search of individuals. This is a significant finding, as the Secretary of State for the Home Department (SSHD) was relying on this provision in order to seize mobile phones from migrants, i.e. to seize items that come to light during the search of a person, despite the fact that s.48 IA 2016 is confined to a search of premises. Today, the Court confirmed that a power to search individuals cannot be inferred from the existence of a power to search premises. This is a welcome decision considering the substantial interference with individuals' rights involved in searches of persons. As the Court noted, seizure from persons must be clearly and unambiguously authorised by statute.
"If Parliament sees a need for further legislation to address the problem, then it is for Parliament to do that, and not for the executive to assume powers on the basis of an impermissible construction of existing legislation." [§92]
Further, the judgment also confirms that the blanket and secret policy to seize mobile phones from asylum seekers violated Article 8 of the European Convention on Human Rights (ECHR) - interference couldn't be justified under Article 8(2) ECHR, in particular because the Home Office did not have legal powers to blanket seize phones.
The Court also held that obtaining access to private material contained on the phones, by demanding PIN numbers without any lawful authority and using a threat of prosecution to obtain this, was a further clear intrusion into the Article 8 rights of the claimants.
"It's quite clear that the Home Office considered that asylum seekers arriving on UK shores did not have the same privacy rights as other people - it unashamedly granted itself unlawful powers to systematically seize and search their phones, even when they weren't suspected of any crime. This is in line with this government's (and many others') efforts to criminalise migration and rob migrants of their basic human rights." Lucie Audibert, Lawyer & Legal Officer
Our continuing concerns
Serious questions remain regarding the Home Office's practice of searching for, seizing and retaining data from mobile phones taken from individuals who arrived in the UK as migrants in small boats from France.
As previously mentioned, the Home Office referred itself to the Information Commissioner's Office (ICO) during the course of these proceedings. As a result, the Court did not resolve arguments around whether the seizure and extraction of asylum seekers' phones also breached the Data Protection Act 2018 (DPA 2018). We continue to believe that the Home Office's policy and practice of extracting data from phones breached data protection legislation in many respects, and we hope the ICO will find accordingly and exercise its enforcement powers, notably in respect of the policies currently in force - which continue to invade migrants' privacy.
Whilst the Home Office's policy of demanding PIN numbers without the requisite statutory powers (being s.49 RIPA 2000 which requires the permission of a judge and contains substantial safeguards) has been found unlawful, it is of concern that they are now operating a policy that relies on consent, echoing the powers in the Policing Bill which have faced significant opposition. As PI and others have stated, the use of consent fails to appreciate the inherent power imbalance between immigration officers and individuals, nor the breadth of data which can be obtained - of which an individual will have little understanding.
The litigation also brought to light the Home Office practice of 'washing', which we refer to in detail in our witness statement and it is noted by the Court in its judgment that "Further emails also show that at this point Immigration Enforcement and the NCA were acting together at the request of Ministers to download all the phones which had been seized and to "wash the data" in the words of one later email." [§39]
The process of washing appears to refer to data cleansing, i.e. tidying up the records in respect of an individual by detecting, correcting or removing corrupt or inaccurate records. As noted in our witness statement, the Home Office "[wash] data through multi-agency databases. Identifying and analysing data of interest."
Finally, it is worth noting the apparent failure by the Home Office to comply with her duty of candour. This duty relates to being open and honest. The Home Office was in particular accused of denying the existence of the secret and blanket policy in the early stages of proceedings, when asked about the existence of such a policy by the claimants' legal team. The Court has repeatedly raised this in the judgment referring to the "serious problems that have arisen in these proceedings concerning the defendant's duty of candour" [§40], which will be considered at a further hearing.
For more information see our case page.