Nationality and Borders Bill

Written evidence submitted by Statewatch (NBB38)

Statewatch is a non-profit-making voluntary group founded in 1991 comprised of lawyers, academics, journalists, researchers and community activists. Our European network of contributors is drawn from 18 countries. We undertake and encourage the publication of investigative journalism and critical research in Europe in the fields of the state, justice and home affairs, civil liberties, accountability and openness.

We welcome the opportunity to provide input to the parliamentary scrutiny of the Nationality and Borders Bill. We echo the concerns of many organisations working on human rights, particularly the human rights of migrants and asylum seekers. As an organisation wi th expertise in the human rights implications of digital structures and data processing, Statewatch calls the attention of the Committee to the following:

· How Clause 60 of the Nationality and Borders Bill would impact on rights to a private and family life (Article 8 ECHR), freedom from discrimination in the enjoyment of human rights (Article 14 ECHR) , and the UK’s obligations under the Geneva Convention .

Key points

· Clause 60 allows for the Home Secr e tary to establish an Electronic Travel Authorisation scheme by means of r egulations, subject to the affirmative resolution procedure ;

· Such a scheme would require the gathering and processing of personal data (including sensitive personal data) from tens of millions of people , for the purpose of determining whether or not they could travel to the UK ;

· The government has not demonstrated the necessity of such a scheme , which c ould unjustifiably impinge upon:

o The right to a private and family life (Article 8 ECHR ) ;

o The right to freedom from discrimination (Article 14 ECHR ) ;

o Obligations to protect refugees and the prohibition on refoulement (the 1951 Refugee Convention ) ;

· Introducing such a scheme by regulation would grant the Home Office significant discretion over its parameters , limiting the possibility for parliament to ensure that sufficient rights protections are included .


Clause 60: Electronic t ravel authorisations

Clause 60 of the Nationality and Borders Bill states:

"(1) The Secretary of State may make regulations about electronic travel authorisations.

(2) The regulations may in particular make provision-

(a) requiring an individual to have an electronic travel authorisation before travelling to the United Kingdom,

(b) imposing civil penalties on owners of ships or aircraft which carry individuals in breach of a requirement to have an electronic travel authorisation,

(c) about biometric information to be provided with an application for an electronic travel authorisation, and

(d) about the recognition of electronic travel authorisations issued in the Channel Islands and the Isle of Man."

The purpose of such a scheme would be to evaluate the eligibility of travellers who do not require a visa to enter the UK and prevent them from travelling should they not meet the desired requirements – in the words of the Home Office, "block the entry of those who present a threat to the UK . " [1] Other countries operating such schemes include the USA (Electronic System for Travel Authorisation, ESTA), Canada (Electronic Travel Authorisation (ETA ) and Australia (Electronic Travel Authority, ETA). The EU is also in the process of developing a European Travel Information and Authorisation System (ETIAS).

Such systems, generally speaking, require that travellers fill out an online form with various items of personal data ( e.g. name, address, occupation, educati on level, family details ), and to make a number of declarations (e.g. whether they have any criminal convictions , or whether they have ever been involved in any form of terrorist activity) . This information is then cross-checked against other national or international databases ( e.g. those run by Interpol), and applications may also be subject to algorithmic profiling. [2] It is generally stored for a number of years and can be made accessible to other bodies, such as law enforcement agencies, subject to certain conditions. The introduction of such a scheme would represent a new barrier to international mobility, effectively introducing a form of visa for tens of millions of people that do not currently require one .

There is little public information on the effectiveness of these schemes. A 2016 report by the US Government Accountability Office cites a claim by the Department for Homeland Security’s Assistant Secretary for International Affairs that over 165,000 ESTA applications had been denied since 2008 by cross checking applications with data on lost and stolen passports, "potentially preventing criminals or terrorists from using stolen passports to illegally enter the United States." The same official is reported as saying that "since 2008, CBP has denied over 4,300 ESTA applications for national security concerns as a result of vetting against the Terrorist Screening Database and other terrorism-related databases." [3] However, it is unknown how many of those refusals were incorrect (and whether they were subsequently subject to successful appeal) , nor what the number of refused ESTA applications is as a proportion of the total number.

The reg ulations provided for by Clause 60 would be made by the affirmative resolution procedure . Given the implications of such a scheme for the rights of tens of millions of foreign nationals, we do not believe this will allow for the scrutiny and debate required .

The right to a private and family life (Article 8 ECHR)

The type of scheme proposed by the Bill would require the processing of a significant amount of personal data on vast numbers of people. It is also clear that the scheme may require the processing of biometric data, a particularly sensitive form of data that requires "specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms." [4]

Any processing of personal data must be both necessary and proportionate. I t must be asked what need there is for an electronic travel authorization system: can it be demonstrated that visa-exempt travellers present a particular "threat to the UK"? If so, what is the scale of that threat and does it justify impinging upon the rights of every visa-exempt travelle r ? Given the existence of other schemes that play a similar role (for example, requirement for airlines to communicate Passenger Name Record data to the authorities prior to departure ), what would the added value be in introducing an electronic travel authorisation? The government must demonstrate that there is a clear need for such a scheme , something that it has not yet done.

Should such a scheme be proven necessary, it must then meet the requirement of propor tionality – that is to say, data processing must not go beyond that which is necessary to attain the desired ends. Herein lies the risk of the affirmativ e resolution procedure: it would not allow for meaningful parliamentary scrutiny and debate over the substance and functioning of an electronic travel authorisation scheme, leaving the Home Office with significa nt discretion.

This gives rise to significant concerns, given the way the Home Office has dealt with the personal data of c itizens and non-citizens alike. The Windrush scandal is the most egregious example of these failings, but a matter particularly relevant for this case is the use of an algorithm that discriminated on the basis of nationality to assist in processing visa appl ications . [5] The risks posed by such algorithms may be compounded by any government attempt to revoke or significantly rewrite Article 22 of the GDPR, removing or reducing human oversight of automated decision making t hat has legal or other significant impacts on individuals. [6] This would further reduce the data protection standards for immigration control . [7]

In this context, and that of the Home Office’s data strategy, which foresees a signif icant increase in data-sharing between the bodies and agencies of the Home Office and other government departments, [8] MPs should be cautious about granting the Home Office such a level of discretion over the parameters of an electronic travel authorisation scheme.

The right to freedom from discrimination (Article 14 ECHR)

Travel authorisation systems generally make use of profiling tools in order to inform decision-making about a person’s eligibility to enter the territory. As noted above, it has been demonstrated that the Home Office has used racist, discriminatory algorithms for processing visa applications. The type of scheme being proposed provides ample scope for similar techniques to be applied, particularly in a context where the government is considering reducing protections against fully automated decision-making, pointing again to the need for greater scrutiny both of the legislation establishing such a system, and – should it be approved – how it functions in practice.

Obligations to protect refugees and the prohibition on refoulement (the 1951 Refugee Convention)

The introduction of an electronic travel authorisation may create a barrier to those needing to flee countries owing to well-founded fear of being persecuted for reasons of race, religion, nationality, membership of a particular social group or political opinion. Denial of an ETA to an individual needing to flee a country would compel them to undertake a more dangerous route, for example, by using the services of people smugglers.

The data-sharing involved in the travel authorisation system may in itself put a person at risk. Many such schemes involve cross-checking applicants’ data with Interpol’s databases on travel documents, which have been misused by states seeking to persecute their citizens abroad. [9] The design of a travel authorisation system must take these risks into account to ensure adequate safeguards.


The Joint Committee’s call for evidence includes the following questions:

· Is Home Office decision making in immigration matters that raise human rights concerns sufficiently independent and rigorous to ensure that human rights are properly respected?

· Is the Bill otherwise compliant with the European Convention on Human Rights (ECHR)?

We do not believe that the Home Office can or should be trusted with the sensitive personal data of tens of millions of people who do not currently require any form of travel authorisation to travel to the UK. At a very minimum, MPs must demand proper legislative scrutiny over the proposed system in order to ensure that safeguards, checks and balances are properly accounted for in order to ensure that human rights are fully respected and that it is compliant with the ECHR.

Clause 60 introduces a situation in which decision making on arrivals to the UK will be made by the same body, the Home Office, as the one establishing safeguards on the processing of biometric and personal data. This does not provide sufficient independence and risks jeopardising rights to freedom from discrimination and to a private and family life. The Bill is therefore not compliant with Articles 8 and 14 of the ECHR.

October 2021


Prepared 19th October 2021