A Home Office pilot scheme to place ankle tags on up to 600 migrants on immigration bail to track their location breached UK data protection law, a watchdog has said.

The Information Commissioner’s Office (ICO) said the Home Office had failed to sufficiently assess the risks posed by the electronic monitoring of people, including the privacy concerns around the continuous collection of a person’s location.

The data protection regulator said it had now issued an enforcement notice and a warning to the Home Office over the pilot, which orders the department to update its privacy policies and warns that data collection on a similar basis would spark enforcement action by the regulator.

The pilot had been evaluating whether electronic monitoring was an effective way to maintain regular contact with asylum claimants, while reducing the risk of absconding and offering a potential alternative to detention.

The ICO said it had been in discussion with the Home Office about the scheme since August 2022, after concerns about the pilot were raised by Privacy International.

The pilot scheme ended in December 2023, but the ICO said the Home Office continues to have access to data gathered during the trial.

Having examined the scheme, the data protection watchdog said the Home Office had also failed to assess the potential impact on people who may already be in a vulnerable position because of their immigration status, for reasons such as the conditions of their journey to the UK, or English not being their first language.

The ICO said the Home Office did not sufficiently consider how to mitigate against those risks, for example by providing clear information about why people’s location data was being collected and how it would be used.

The regulator added that throughout its enquiries, the Home Office had also been unable to adequately explain why it was necessary or proportionate to access the data it collected.

Information Commissioner John Edwards said: “Having access to a person’s 24/7 movements is highly intrusive, as it is likely to reveal a lot of information about them, including the potential to infer sensitive information such as their religion, sexuality, or health status.

“Lack of clarity on how this information will be used can also inadvertently inhibit people’s movements and freedom to take part in day-to-day activities.

“If such information were to be mishandled or misinterpreted, it could potentially have harmful consequences to people and their future.

“The Home Office did not assess those risks sufficiently, which means the pilot scheme was not legally compliant.

“We recognise the Home Office’s crucial work to keep the UK safe, and it’s for them to decide on what measures are necessary to do so.

“But I’m sending a clear warning to the Home Office that they cannot take the same approach in the future. It is our duty to uphold people’s information rights, regardless of their circumstances.”

In response, a Home Office spokesperson said: “We are disappointed that the ICO has issued this notice and whilst acknowledging improvements to documentation could be made, we reject the claim that the privacy risks of the scheme weren’t sufficiently addressed.

“The pilot was designed to help us maintain contact with selected asylum claimants, deter absconding and progress asylum claims more effectively.

“We will now carefully consider the ICO’s findings and respond in due course.”

Under the enforcement notice issued, the Home Office has been ordered to update its internal policies, access guidance and privacy information in relation to data it retained from the pilot scheme.

The formal warning issued alongside the notice states that any future data processing on the same basis by the Home Office would breach data protection law and would see the ICO take enforcement action.