Asylum seekers routinely share their most sensitive information with the Home Office in order to support their asylum claims, write Daniel Carey and Zac Sammour. They do so in good faith, trusting that the Home Office will treat that information with the sensitivity and confidentiality that it warrants. But what happens when the Home Office doesn’t? And is that faith misplaced?

Asylum seekers are required to place a great deal of trust in their prospective host countries. In the course of an asylum application, an asylum seeker will often disclose information which could cost them or their family their lives if it were to fall into the hands of the perpetrators from whom they have fled. Whether it be details of a same-sex relationship, a minority religious belief, criminal offending or political affiliation, it is paramount that personal data provided in the course of an asylum application is carefully guarded.

The Home Office recently settled a claim for damages following its unlawful sharing of confidential asylum information with the state authorities in the asylum seeker’s country of origin. 

The claimant was an asylum seeker from a Middle Eastern country. In what appears to have been a misguided attempt to verify the sensitive information he provided, details of the claimant’s asylum application were provided by the Home Office (via the Foreign Office) to the state authorities concerned. 

Those disclosures gave rise to a serious risk that the authorities in his home state would be alerted to his asylum claim, preventing future return and threatening to place his family in danger. Unsurprisingly, the disclosures had a considerable impact on the claimant.

The Home Office agreed to pay our client £15,500 in damages. In response to news coverage of the settlement, the Home Office stated that:

In accordance with our obligations under the Refugee Convention and European and UK law, we do not disclose information about an individual’s asylum claim to that person’s home country, or seek information in a way that could expose them, or any family who remain in that country, to serious risk. We take any breach of this principle extremely seriously.

Despite settling the claim, the Home Office has refused to apologise. Indeed, the Home Office initially denied that it had done anything wrong in response to the claim.

No central monitoring of asylum data sharing with home country governments

Concerns therefore remain that it was not an isolated case. In TLT & Ors v Secretary of State for the Home Department & Anor [2016] EWHC 2217 (QB), the High Court awarded damages ranging from £2,500 to £12,500 to people named in a spreadsheet listing families returned to their country of origin that had been posted online and remained up for two weeks.

Although the Home Office fought that case to trial, it did acknowledge the error and inform the victims and the Information Commissioner’s Office. None of that happened in our client’s case. We lodged Freedom of Information requests with the Home Office to try to ascertain the numbers of incidents of unauthorised sharing of asylum information. The Home Office refused to answer, on the basis that

to identify the required information would require the detailed manual interrogation of every asylum claim lodged over the last 5 years. This equates to more than 100,000 cases.

Clearly, there is no central monitoring of this issue. It is possible that our client’s case may not have been a mere aberration. 

The situation is not helped by a varied approach by representatives and tribunal judges in asylum appeals. Although the government website states that First-tier Tribunal judgments are not made public, Upper Tribunal decisions are. They reveal a varied approach to the anonymisation of appellants and the amount of identifying information that is recited in the judgment.

Liability in human rights, data protection and tort law

Our client’s claim against the Home Office was for breaches of Article 8 of the European Convention of Human Rights, breaches of the Data Protection Act 1998 (section 4(4), read with paragraph 1 of Schedule 1) and for the tort of misuse of private information. In each case, the crux of our client’s complaint was that the Home Office’s disclosure of his private information, which constituted his personal data (and in some cases sensitive personal data), was unjustified. Liability for each of these causes of action was eventually accepted.

Part of the backdrop to that claim was the Home Office’s own rules and policies, as well as international law documents, which recognise the importance of protecting the private information of asylum seekers.

Rule 339IA of the Immigration Rules provides, in essence, that information provided in the course of an asylum application “shall not be disclosed to the alleged actor(s) of persecution of the applicant”. It also says that information “shall not be obtained” from the alleged persecutors if doing so would result in them being informed of the asylum application and thereby “jeopardise the physical integrity” of the applicant and his dependants, or threaten the liberty and security of his or her family members still living in the applicant’s home country.

That Rule is, in turn, reflected in the Home Office’s Asylum Policy Instruction Assessing Credibility and Refugee Status.

The Home Office accepted that the disclosures constituted a breach of the Immigration Rules, as well as United Nations guidance on the handling of asylum claims.

The effect of the legal provisions summarised above is that the Home Office is prevented from sharing asylum information, at least where doing so would risk harm to the well-being of an asylum seeker or his family members.

They also prevent actions falling short of documentary disclosure that would tip off state authorities (or other relevant persons) to the making of an asylum claim and/or its basis. This could be, for example, taking an asylum claimant to an embassy in an attempt to force them to obtain a new travel document.

Of course, asylum refusals that are appealed to the First-tier Tribunal are also routinely the subject of anonymity orders. It remained unresolved in this case whether the Home Office’s actions were in breach of that order, but on any view they sailed perilously close to the wind.

Calculating damages for information breaches

The assessment of damages for information breaches is a developing area of the law, to which the TLT case made a significant contribution. It still throws up uncomfortable contrasts between the damages awarded to migrants for sharing of information that can put lives at risk and the awards of £85,000- £260,250 made to celebrities and other victims of phone hacking in Gulati & Ors v MGM Limited [2015] EWHC 1482 (Ch).

Relevant factors to consider in any case will be:

• the seriousness of the breach and the level of culpability involved;
• the impact that it has had (including the risks that have arisen); and
• the effect on the victim(s). 

The Home Office’s actions in response are also a relevant factor when assessing damages. This is an area where aggravated damages may be appropriate.   

It is vital to the integrity of the asylum system that information disclosed as part of a claim is not shared with the persecuting state. In this case, the asylum seeker’s claims were later found by the First-tier Tribunal to be genuine and the Home Office granted him asylum in the UK. However, his safety and that of his family was put at risk by the department’s actions in sending documents evidencing state persecution to the state authorities in question.

In other cases, the victims may not even know that the Home Office has unlawfully shared their information. But it is important that, where it occurs, victims are advised accordingly and the Home Office held to account.

The claimant was represented by Daniel Carey of Deighton Pierce Glynn, Anya Proops QC (11KBW) and Zac Sammour (11KBW).