The Home Office is in the news again, coming under fire for the latest in a series of questionable wheezes to bully unwelcome foreigners. After the Racist Van, now we have the Racist text messages, brusquely telling the recipient:
Message from the UK Border Agency. You are required to leave the UK as you no longer have right to remain.
You have to wonder where they get their ideas from; one imagines civil servants sitting around a table just spitballing ideas until someone suddenly says ‘Make them all wear flares until they go home’. One can only hope that none of the team has seen the Blaxploitation film ‘Three The Hard Way’, in which a racist millionaire called Monroe Feather develops a toxin that kills only black people. The problem with the text idea, apart from the fact that it is horrible and uncivilised, is that they keep texting the wrong people.
The Home Office is quoted as saying:
“Where it is identified that Capita have contacted an individual in error, Capita and Home Office records are immediately updated and contact is ceased. Furthermore, if an error has been made at the triage stage of handling the case, this is fed back, any learning incorporated into training and, where applicable, processes are amended.”
You’ll notice that they don’t say ‘and we inform the Information Commissioner about a breach of the fourth Data Protection principle on the basis that the personal data we are using is inaccurate’. I think the media coverage has led the ICO to investigate, but the interesting thing about the fourth principle is that it is fairly blunt.
Personal data shall be accurate and, where necessary, kept up to date.
The only qualification comes later, when the Act says the principle 4 has not been breached if “having regard to the purpose or purposes for which the data were obtained and further processed, the data controller has taken reasonable steps to ensure the accuracy of the data”. Given that the Home Office (or their henchmen) is texting people telling them to piss off out of the country, they will surely have to demonstrate a significant effort to verify the numbers. Merely saying ‘these are the numbers they have us’ will surely not be enough.
The ICO will presumably get to the bottom of it, and it’s foolish to pre-empt any decision they might make. It is nevertheless worth asking whether sending a person an erroneous text telling them to go home is ‘likely to cause substantial damage and distress’. And accuracy is only the beginning of the explaining the Home Office should be asked to do. Where did these numbers come from? What were the people told when their numbers were obtained? What Data Protection condition has the Home Office satisfied before processing the mobile numbers for the purpose of mild intimidation?
And now we come to the payoff: is Data Protection the only legislation to which the Home Office is subject here, and to which the Information Commissioner should pay heed?
The ICO’s sturdy new guidance on Direct Marketing retains a definition from previous documents about electronic marketing:
“Direct marketing is not limited to advertising goods or services for sale. It also includes promoting an organisation’s aims and ideals.”
These text messages do not form direct part of any legal process, and I doubt that the Home Office will have given itself the power to send them in any legislation. In other words, as far as I can see, there is only one definition that explains the purpose of the texts. The Home Office is trying to encourage who are in the country illegally to go home. The texts do nothing but promote the Home Office’s aims and ideals. No matter what you think of those aims, what else are the messages designed to do? I believe that the Home Office’s text messages meet the definition of direct marketing Under Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), specific consent is required to send direct marketing electronic mail to an individual, and the definition of electronic mail includes text messages. The recipients should have been asked to opt in, and if they were not, the messages should not have been sent.
Unlike the possible breach of the 4th Data Protection principle – which has only occurred if the Home Office cannot show that they took reasonable steps to ensure that their data was accurate – PECR is much more prescriptive. Without consent, the sending of direct marketing texts is a straightforward contravention. So despite the extremely regrettable decision of the Tribunal to overturn their attempts to beat back the plague of PPI texts this week, highly distressing marketing texts are still on the agenda.
Unless the Home Office obtained consent, I think this idea should be sent back to the drawing board.