UK Data Watchdog Accused of Dragging Feet on eVisa Investigation

The Home Office’s electronic visa (eVisa) platform was launched as a “digital‑by‑default” service intended to streamline immigration processing. In practice, the system has generated a cascade of data‑quality and integrity errors, from expired visa displays to incorrect passport details, leaving applicants unable to demonstrate their right to work, study or travel. Under the UK General Data Protection Regulation (UK GDPR), the regulator – the Information Commissioner’s Office (ICO) – is tasked with policing such breaches. Since late 2025, a coalition of 19 civil‑society groups has pressed the ICO to examine whether the eVisa scheme violates those obligations.

The ICO acknowledged receipt of the joint letter in December 2025 and allocated a case reference, but a formal investigation has not been launched after five months of review. The regulator cited the need for a costly manual search of hundreds of complaints, estimating over three minutes per record and exceeding its budget ceiling. Meanwhile, migrants have endured prolonged periods—up to nine months—without reliable proof of status, a situation highlighted by a High Court judgment that dismissed a judicial review on policy grounds but affirmed the real‑world harms caused by the system’s inaccuracies.

The delay underscores a broader tension between rapid digital transformation and regulatory capacity. If the ICO proceeds with a full inquiry, it could compel the Home Office to redesign the eVisa interface, introduce alternative proof mechanisms, and tighten data‑quality controls, setting a precedent for other government‑run digital services. Conversely, continued inaction risks eroding public confidence, inviting legal challenges, and exposing the UK to enforcement actions from the Information Commissioner. Stakeholders are watching closely, as the outcome may shape the future of data‑protection compliance in the nation’s expanding digital public sector.