Despite longstanding data protection issues with the Home Office’s electronic visa system being flagged five months ago, the UK’s data regulator is yet to take any actionThe United Kingdom’s data regulator has been mulling over the possibility of launching a formal investigation into the Home Office’s electronic visa (eVisa) system for a period of five months. This prolonged period of indecision has led to a barrage of criticism from digital rights groups, who accuse the regulator of procrastination.
In late November 2025, the Open Rights Group, along with 18 other civil society organisations, penned a joint letter to the Information Commissioner’s Office (ICO). The letter urged the ICO to formally investigate whether the Home Office’s eVisa system is in violation of UK data protection laws.
The organisations, which include the3million and Migrants Rights Network, drew attention to the significant number of data quality and integrity errors associated with the eVisa system. These errors have resulted in individuals being unable to reliably verify their immigration status. The groups also pointed out the “digital-by-default” nature of the system and the Home Office’s refusal to issue alternative proof of immigration status, despite the ongoing data issues.
One particular case, which was exclusively reported by Computer Weekly, highlighted the severity of the technical errors with the data held by the Home Office. The errors were so severe that the regulator had previously determined that there had been a breach of UK data protection law. The individual affected by these errors revealed to Computer Weekly that the eVisa system’s ongoing technical issues resulted in his account displaying an expired student visa, instead of his new spouse visa, and incorrect passport information for nearly six months.
In early December 2025, the ICO confirmed that it had received the letter from the civil society groups outlining their concerns. The ICO stated that it would “carefully assess the issues raised before responding”. Computer Weekly has confirmed that while the ICO did open an investigation in early December – and even formally allocated a case reference number – the regulator is still considering the matters raised in the letter at the time of publication.
In March 2026, the High Court heard – and ultimately dismissed – a judicial review case brought against the Home Office. The case revolved around whether the Home Office’s policy of never issuing alternative immigration status, despite persistent data issues, was lawful. The case did not focus on any data protection issues.
The case was initiated by two claimants who were left unable to prove their immigration status for six and nine months respectively. This was due to the system either locking them out of their eVisa accounts or displaying incorrect information on their profiles.
Sara Alsherif, the migrant digital justice programme manager at ORG, spoke with Computer Weekly about the situation. She stated that migrants are being “failed” by both the Home Office and the ICO. Alsherif expressed serious concerns about the Home Office’s handling of personal data under the eVisa scheme. She pointed out that the scheme has been plagued by widespread data errors, an inaccessible design, and persistent technical failures.
