Home Office – Violation Found (United Kingdom, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The UK's Home Office faced scrutiny for its GPS tracking project that monitored individuals on immigration bail. The Information Commissioner's Office found that the Home Office did not properly assess the risks of this monitoring. This matters because it highlights the importance of conducting thorough data protection assessments before implementing such projects.
What happened
The Home Office's GPS Expansion Pilot project involved tracking 600 individuals on immigration bail without adequate risk assessments.
Who was affected
Individuals on immigration bail who were fitted with electronic GPS tags for monitoring.
What the authority found
The Information Commissioner's Office ruled that the Home Office failed to conduct a proper data protection impact assessment, violating UK GDPR requirements.
Why this matters
This ruling emphasizes that government departments must prioritize data protection and risk assessments. Other organizations should ensure they evaluate the impact of their monitoring practices to avoid similar issues.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Home Office (controller) is a United Kingdom government department that is responsible for immigration, security and law. As such, it oversees matters related to visas, immigration, asylum and citizenship in the UK. The ICO initiated an investigation in August 2022, citing concerns about the controller's Satellite Tracking Services GPS Expansion Pilot project, which involved continuous electronic monitoring as a condition of immigration bail for individuals entering the UK via risky routes. The pilot initiative involved fitting up to 600 individuals with electronic GPS tags to monitor their movements as part of the immigration bail conditions. These participants were compared to a control group of another 600 individuals who were not subjected to electronic monitoring. The purpose of the electronic tags was to collect data on the tagged individuals’ locations over time, which the controller could use for various purposes, including ensuring compliance with immigration bail conditions and potentially aiding in the efficient processing of asylum claims. The ICO provisionally found that the controller failed to comply with Articles 35 and 5(2) of the UK GDPR. On 19 December 2023, it sent the controller a Preliminary Enforcement Notice and Notice of Intent to Issue a Warning. On March 2024, ICO issued an Enforcement Notice and Warning Letter. It identified breaches by the Home Office of Articles 35 and 5(2) UK GDPR, finding that the controller did not conduct an adequate data protection impact assessment (DPIA) for its satellite tracking services GPS expansion pilot and failed to demonstrate compliance with principles of lawfulness, transparency and data minimisation under Article 5(1) UK GDPR. The ICO found that the controller's processing required a DPIA because it was systematic, extensive, and was likely to result in a high risk to the rights and freedoms of natural persons. The processing was systematic and extensive because it involved automated proces
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Home Office in UK
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Home Office - United Kingdom (2024). Retrieved from cookiefines.eu
Last updated: