The UK data regulator has been considering whether to formally investigate the Home Office’s electronic visa (eVisa) system for five months, leading to accusations from digital rights groups that it is dragging its feet.
In a joint letter sent to the Information Commissioner’s Office (ICO) in late November 2025, the Open Rights Group and 18 other civil society organisations urged the regulator to formally investigate whether the Home Office’s eVisa system is breaking UK data protection laws.
The groups – including the3million and Migrants Rights Network – highlighted the “high volume” of data quality and integrity errors linked to the scheme, which have prevented people from being able to reliably prove their immigration status.
They also highlighted the “digital-by-default” nature of the system, and the Home Office’s refusal to issue alternative proof of immigration status in the face of persistent data issues.
In one case exclusively reported on by Computer Weekly, the technical errors with data held by the Home Office were so severe that the regulator previously found there had been a breach of UK data protection law.
Speaking with Computer Weekly, the person affected said that ongoing technical errors with the eVisa system meant his account continued to display an expired student visa, instead of his new spouse visa, and wrong passport information for almost half a year.
The ICO confirmed in early December 2025 that it had received the letter from civil society groups outlining their concerns, it said that it will “carefully assess the issues raised before responding”.
Computer Weekly can confirm that while an investigation was opened by the ICO in early December – with a case reference number formally allocated – the regulator is still considering the matters raised in the letter at the time of publication.
A matter of urgency
While the High Court heard – and ultimately dismissed – a judicial review case brought against the Home Office in early March 2026, that case turned on whether Home Office policy to never issues alternative immigration status despite persistent data issues was lawful, rather than any data protection issues.
The case was brought by two claimants who were left unable to prove their immigration status for six and nine months respectively, which occurred due to the system either locking them out of their eVisa accounts or showing incorrect information on their profiles.
Speaking with Computer Weekly, Sara Alsherif, the migrant digital justice programme manager at ORG, said that migrants are being “failed” by both the Home Office and the ICO.
“We raised serious concerns with the ICO about the Home Office’s handling of personal data under the eVisa scheme,” she said, adding the scheme has been plagued by widespread data errors, an inaccessible design, and persistent technical failures that have left people unable to prove their right to work, rent, study, travel or access essential services.
“Migrants are being failed by the Home Office, which didn’t properly assess the risks of a digital-only roll-out, and by those who have not investigated despite being alerted to these issues last December – epecially after the court and the Home Office admitted that those affected by data quality and integrity issues are facing ‘real difficulties’ in their day-to-day lives. We urge the ICO to begin a formal investigation into data protection breaches and accessibility issues with the scheme.”
For Fizza Quershi, director of Migrants Rights Network, the ICO must act immediately to resolve eVisa data protection issues: “These eVisas are harming real people, right now. Migrants can’t be expected to navigate a digital system that is both mandatory and unreliable. People are being left in positions where they are unable to prove their rights, access services, or plan their lives.
“The risks were already clear as far back as November. The regulatory body has since confirmed at least one breach of Data Protection law, yet there’s been no meaningful progress. Each day without action leaves people at risk of losing their jobs, their homes or their ability to travel. The ICO must act with urgency to ensure the Home Office is held to the standards required by law.”
Computer Weekly contacted the ICO about why it is yet to open a formal investigation, or publicly respond to the letter, despite widespread data protection issues being reported with the system.
“We regularly engage with government departments, including the Home Office, to ensure that data protection obligations are met and potential risks are mitigated,” said an ICO spokesperson. “We can confirm that we have received the letter outlining these concerns, and are continuing to carefully assess the issues raised before responding.”
In December 2025, Computer Weekly received a Freedom of Information (FoI) Act response from the ICO about the volume of eVisa complaints it had received since paper documents were phased out at the end of December 2024.
However, the regulator said at the time that it was unable to say how many eVisa related cases there are, because it would require a manual search of hundreds of complaints raised against the Home Office.
“The reason is that we do not record the requested information in a way that is easily reportable and would require a manual search of hundreds of records to find the information that you are requesting,” it said.
“We hold 851 cases about the Home Office in the previous two years, assuming that one year is approximately half that, then there would still be 425 cases to manually search. Each search could take approximately 3-4 minutes to complete, which would still take it over the cost limit. It should also be noted that some of the searches would take considerably longer.”
Computer Weekly asked the ICO whether it now has a clear idea of how many eVisa-related data protection complaints have been raised against the Home Office, but it did not respond to this point.
