The Home Office has been responsible for more than 20 data breaches a month in the administration of the EU settlement scheme, including losing passports and sending ID cards to wrong addresses, a new report shows.
The Independent Chief Inspector of Borders and Immigration (ICIBI) said the scheme breached General Data Protection Regulation (GDPR) law 100 times between April and August last year – which campaigners said had “sinister implications” for the planned digitisation of the wider immigration system.
A report by the immigration watchdog also raised concerns about a lack of support for vulnerable applicants, hidden costs of applying and a lack of transparency and detail in the Home Office data.
Campaign groups supporting EU nationals applying for settled status said the findings backed up EU citizens’ worries about the Home Office losing, sharing or deleting their records and data, and said it highlighted the risks of digital-only systems.
In total, 3.2 million people have so far registered for EU settled status, which they must obtain in order to continue living legally in the UK after June 2021. Of these, 2.7 million have been granted status – meaning around 500,000 applications are currently going through the system.
The Home Office apologised last April for committing a potential data breach of EU nationals after “inadvertently” sharing the email addresses of 240 applicants with others who had applied under the scheme.
But the ICIBI report revealed there had been scores of other data breaches in the handling of EU nationals’ documents and information in the space of less than half a year, including 13 incidents of ID documents being misplaced within the EU settlement scheme office and 27 incidents of personal documents being sent to the wrong address.
Chief Inspector David Bolt said: “The information provided to inspectors regarding data breaches was concerning, not least the increase in breaches each month between April and July 2019. Most of those to the end of June were due to a postal company rather than EU settlement scheme staff or processes.
“Data breaches damage public confidence, and applicants will blame the Home Office, whether or not this is fair. It is therefore important for the Home Office to do everything it can to keep breaches to a minimum. Most appear to have involved document handling errors, and these should be easiest to prevent with clear instructions and good organisation.”
His report also raised concerns about the “hidden” costs of applying to the scheme, in particular the cost of calls to the Settlement Resolution Centre, which may take longer because the case is complicated or because the applicant has difficulty understanding the advice.
The ICIBI said the Home Office should consider whether in removing the fee last year it had done enough to make the application process genuinely free and therefore accessible to all applicants.
The report also states that the Home Office should be clearer about what it will do with regard to making “reasonable enquiries” on behalf of vulnerable individuals, such as looked-after children, who find it difficult to prove their entitlement to apply.
The Independent reported last year thousands of vulnerable EU children could face losing their rights after Brexit because of what campaigners described as “woefully inadequate” support from the Home Office to assist them with applying.
Mr Bolt also warned that the scheme’s backlog was “relatively large”, with more than 180,000 considered to be “in progress” – which he said could lead to a “last-minute rush” of applications as the deadline of June 2021 approaches.
Maike Bohn, co-founder of campaign group the3million, said: “The report backs up EU citizens’ worries about the Home Office losing, sharing or deleting their records and data. It is not correct to say that a digital status cannot be lost or damaged and we all know the risks of digital-only systems.
“Almost daily we experience and read about systems being temporarily unavailable, hacked, records breached. The fact that the status can be shared with ‘others anywhere’ is in fact a cause for major concern.”
Ms Bohn said this raised wider questions about the transparency and effectiveness of the scheme, adding: “Why do we only hear about these issues through inspections, why can’t the Home Office be up front?
“If this is truly about getting people through to the status they need, the Home Office needs to be more open and honest about the issues and take criticism constructively, as the inspector alludes to.”
Caitlin Boswell Jones, project officer at the Joint Council for the Welfare of Immigrants, warned that the data breaches had “sinister implications” for the digital system the Home Office intends to roll out and extend across the whole immigration system “without any transparency or public scrutiny”.
She said the “hidden costs” discriminated against EU nationals and meant marginalised groups would struggle to apply, making them more likely to fall out of status and feel the full force of the hostile environment.
“The only way to protect EU citizens’ rights is for Boris Johnson to keep the promises that he made during the EU referendum by immediately granting automatic settled status to all EU nationals and their family members,” Ms Boswell Jones added.
A Home Office spokesperson said: “We’re pleased that the inspector praised the Home Office’s management of the EU settlement scheme and recognised the wide range of support available online, by phone, and in person.
“We take data protection very seriously and have apologised personally to those affected. We have already taken steps to stop them happening again. It is the biggest scheme of its kind in British history, and we have granted nearly 2.9 million status with over a year to go.”
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies