惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
K
Kaspersky official blog
A
Arctic Wolf
Attack and Defense Labs
Attack and Defense Labs
L
LINUX DO - 热门话题
N
News | PayPal Newsroom
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
L
Lohrmann on Cybersecurity
PCI Perspectives
PCI Perspectives
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Last Watchdog
The Last Watchdog
B
Blog RSS Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
W
WeLiveSecurity
Know Your Adversary
Know Your Adversary
博客园 - Franky
T
Tenable Blog
T
Tailwind CSS Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Help Net Security
Help Net Security
WordPress大学
WordPress大学
T
The Exploit Database - CXSecurity.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园 - 司徒正美
阮一峰的网络日志
阮一峰的网络日志
D
Darknet – Hacking Tools, Hacker News & Cyber Security
H
Heimdal Security Blog
TaoSecurity Blog
TaoSecurity Blog
S
Security Affairs
J
Java Code Geeks
小众软件
小众软件
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Apple Machine Learning Research
Apple Machine Learning Research
NISL@THU
NISL@THU
O
OpenAI News
The Cloudflare Blog
月光博客
月光博客
Google Online Security Blog
Google Online Security Blog
V
V2EX
罗磊的独立博客
美团技术团队
博客园 - 三生石上(FineUI控件)
Security Latest
Security Latest
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
Cyber Attacks, Cyber Crime and Cyber Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Cyberwarzone
Cyberwarzone
L
LINUX DO - 最新话题
Hacker News - Newest:
Hacker News - Newest: "LLM"
大猫的无限游戏
大猫的无限游戏

Open Rights Group

Wanted: Government to fix the ICO Joint Letter: Protect VPNs Civil society organisations call for ICO to be investigated over eVisas The end is nigh for US data transfers How AI in asylum decision-making drives failure and cost Dear Andy, we need a complete reset on digital policy John Edwards resignation is opportunity to appoint a regulator with teeth AI in Asylum Decisions: Transparency and Accountability Failures Stop Killing the Internet: New global movement launches MPs urged to vote for a Digital Sovereignty strategy The social media policy ratchet Starmer’s social media ban fails to address root causes of online harms This refugee week, take courage! The rise of copyright trolling Growing up in an online world: ORG Consultation Response Reset the ICO The ICO isn’t doing its job – why the data watchdog needs an overhaul The ICO isn’t doing its job – why the data watchdog needs to be reset ORG response to ICO call for views on our approach to regulating online advertising ORG response to Consultation on the ICO’s approach to data protection complaint handling Companies and civil society warn that UK is undermining open web Papers Please! MPs back mass online digital ID checkpoints MPs call for publication of secret documents that outline chronic risks from UK’s dependence on Big Tech New report: UK needs digital sovereignty strategy to address threats from reliance on big tech The case for Digital Sovereignty and the Digital Commons After the LA Court verdict, the UK must disrupt surveillance capitalism business models 13 year olds could be compelled to use unregulated age verification Children’s Wellbeing and Schools Bill: Analysis of Amendment 38b ICO must investigate Reform ‘competition’ for data protection breaches Break privacy to make privacy? Age verification isn’t the answer Home Office use of AI in asylum cases likely to be unlawful, legal opinion finds Legal Opinion: The use of Artificial Intelligence tools in asylum cases MPs give ministers powers to restrict entire Internet Board Election Results Palestine Action ruling: Human rights organisations call for Ofcom to issue guidance on content takedowns
Open letter for an investigation into the ICO over eVisas
07 July, 2026 · 2026-07-07 · via Open Rights Group

Dear Dame Chi Onwurah MP,

We are a coalition of 20 civil society groups and experts, active in the fields of immigration policy, data protection, and human rights. We wish to thank the Science, Innovation and Technology Select Committee for raising the issue of eVisa problems during a hearing on data security in government, held on 10 February, 2026.

Due to ongoing instability in the Home Office digital programme, eVisa holders face challenges accessing and proving their immigration status. In a letter sent on 27 November, 2025, we asked the Information Commissioner’s Office to intervene against the numerous infringements of UK data protection law that underpin the eVisa scheme.

Thus, we urge the Select Committee for Science Innovation and Technology to support the previous letter received by your Committee, and urge you to open an inquiry into the ICO oversight failures. 

Since its rollout, the eVisa scheme has been affected by glitches and data security issues

UK residents trying to prove their status with eVisas have been facing data entanglement issues- when personal data of an eVisa holder and another, unrelated third party end up being mixed up – as well as denial in accessing the service, generating proof of immigration status, or rectifying or updating incorrect or outdated personal data. As you have correctly pointed out in your intervention during the February 10 hearing, eVisa issues include  data breaches,  the integrity, availability and confidentiality of personal data. We also commend that the “operational and security problems relating to the eVisa system” were recognised in your Committee’s recent report on Digital ID. 

As a study by the3million has found, these issues are systemic and rooted in design and architectural choices. Further, data collected by the Report.it! platform shows that eVisa holders have been encountering these issues consistently over the past six years. 

However, the Home Office has refused to disclose how many of such incidents they recorded, or how many people have complained or sought assistance. We acknowledge that the Home Office has recognised that mistakes are being made and have indicated their intention to resolve them. Nevertheless, it is essential to understand the timescales involved, what transparency they intend to offer on systemic issues and in what forums, and whether they plan to publish a roadmap against which the Select Committee could hold them to account. 

We identified and listed numerous failures to comply with UK data protection law by the Home Office. These include failures to adhere to baseline data protection principles, or to conduct and publish Data Protection Impact Assessments (DIPAs) before rollout and throughout the eVisa lifecycle. In light of the above, we also urged the Information Commissioner to open an investigation.

Indeed, we were not the first to raise such issues with the ICO. The press reported that, following a complaint made by a member of the public, the ICO had already determined in June 2025 that the Home Office breached UK data protection law. That complaint was not an isolated case: as disclosed in response to a Freedom of Information request, the ICO received 851 complaints against the Home Office only within the last two years. The volume of complaints against the Home Office is so significant that the ICO would exceed the cost threshold of the FOIA regime if they were to review and identify which complaints relate specifically to eVisa failures. Against this background, the Information Commissioner’s Office is yet to take any action to remedy eVisa data protection infringements. 

Unfortunately, this follows a pattern that emerged within the evidence discussed in your inquiry into data security in government. As your committee has heard during the February 10 hearing, the government is still working on implementing the recommendations from the Information Security Review, which should have been implemented in full by the end of 2024. Despite these delays, and the very consequential incidents that followed, the ICO has yet to take action, and have so far only sent a letter to “urge” the government to move faster.

While the ICO delays action to remedy these issues, it is eVisa holders who pay the price

As the “Exclusion by design” report shows, eVisa failures prevent individuals from proving their status when they need it to enter the country, from applying for jobs or getting a pay rise, from o enrollingin education, from claiming benefits. The human price of non-compliance is high and unjustifiable: UK data protection law already provides for rules that ought to prevent these harms from occurring. It also gives the ICO the role to remedy such infringements and hold public authorities like the Home Office to account.

In fact, the Administrative Court found, in their recent judgement, that the Home Office is able to fix eVisa failures when sufficient pressure is applied. The ICO is the authority with the statutory powers and the Parliamentary mandate to apply such pressure. Further, Parliament has also given individuals the power to raise complaints to the ICO for free, and to seek remedial action without the costs and procedural burdens associated with Judicial Reviews.

There is a risk of reduced scrutiny towards public bodies and diminished responsiveness to public complaints by the ICO.

The ICO has recently signed a memorandum of understanding with the government which was described, by government officials, as a shift away from a relationship of opposition to a relationship of partnership. Likewise, the ICO adopted a new complaints policy, according to which individual complaints would be routinely disregarded unless they reach an unspecified numeric threshold.

As the Home Affairs Select Committee have pointed out in their recent report about digital identity, restoring public trust and ensuring strong safeguards are necessary to deliver digital identity schemes. As the issues surrounding the eVisa scheme demonstrate, these important recommendations risk remaining unmet insofar as the ICO refrains from holding the government to account, to intervene when they get it wrong, and to protect the public from harm.

In light of the above, we urge the Select Committee for Science, Innovation and Technology to:

  • Open a comprehensive inquiry into the Information Commissioner’s Office and their failure to carry out their oversight duties under the law.
  • Investigate what institutional changes are needed to strengthen the ICO ability to oversee the government and other public bodies, also to support the implementation of the recommendations of the Home Affairs Committee’s Report on digital identity.
  • Further investigate eVisa data practices, governance and failures, to inform the broader inquiry into data security in government.
  • Ask the Home Office to disclose the data they hold concerning the amount of data security incidents, complaints and requests for support they received from the public in relation to the eVisa scheme. We note that on 1 July, the Home Office published error correction volumes from the online webform, but this does not show the volume of requests for support.

Signatures:

BARAC UK
ILPA
Imkaan
Liverpool Advocates For Windrush (LAW)
Medact
Middle Eastern Women and Society Organisation (MEW)
Migrant Democracy Project
Migrant Voice
Migrants’ Rights Network
No Borders in Climate Justice
Open Rights Group
POMOC
Reunite Families UK
Reset Communities for Refugees
Sherrards Solicitors LLP
South East and East Asian Women’s Association
Status Now 4 All
Steve Newman
the3million
The William Gomes Podcast

Stop the e-Visa scandal