Ministers may have breached privacy laws when they suspended the child benefit of thousands of families on the basis of flawed Home Office information, legal experts have said.
At the same time, the UK’s data watchdog, the Information Commissioner’s Office, has contacted the national tax authority, HMRC, over the issues raised.
Pressure on the government to reveal the reason incomplete Home Office travel data was used by HMRC as part of a benefit crackdown has mounted as the Liberal Democrat spokesperson for work and pensions, Steve Darling, said what had happened was “unacceptable”.
“After the carers allowance repayments scandal, this news raises fresh concerns that things are seriously wrong within our welfare system, with people paying the price through no fault of their own.
“Ministers must come clean on how exactly this error was allowed to happen in the first place, support affected families, and ensure that action will be taken to stop such mistakes from ever happening again.”
HMRC said it had reinstated payments to 1,979 families as of 31 October. While it was “confident” the “majority” of the 23,500 payments had been “suspended correctly” it urged anyone who had wrongly been sanctioned to call the helpline on their letter for a swift resolution.
Flaws in the HMRC benefit fraud crackdown emerged a week ago when politicians in Northern Ireland discovered that payments had been stopped to taxpayers who returned home via Dublin airport, across the border.
It then transpired that payments had been suspended to families across the UK, including to people who had left and returned through the same airport, and holidays as long ago as three years ago were being flagged as one-way tickets abroad.
The HMRC crackdown also affected passengers who had not boarded flights, including one woman who was refused boarding after her child fell ill at the departure gate.
Among the new cases to have emerged in the last 24 hours were a teacher who made a school trip, booked through her employer, who could not provide a plane ticket to demonstrate she had, in fact, returned to the UK.
“One of the main data protection principles is that personal data should be accurate. If you don’t know whether the data is accurate, and that seems to be proven by the experiences that have been set out in the stories, then that really shows that there is a breach if data protection law,” said Eleonor Duhs, barrister and privacy law expert.
The ICO said: . “We are in contact with HMRC regarding the issues raised,” a spokesperson said. “Any data-sharing between public bodies must be necessary, proportionate and carried out in line with data protection law. This includes ensuring that data is accurate and fit for purpose, especially when it is being used to make decisions linked to benefit payments.
“We expect organisations to demonstrate how their use of personal data meets legal requirements, particularly where decisions may have significant impacts on individuals.”
The suspension of child benefit happened after the Home Office shared its travel data, which transpired to be incomplete, to HMRC who implemented the government anti-fraud operation.
HMRC insisted it had done nothing wrong in relation to data laws.
A spokesperson said: “We’ve not breached any data protection laws regarding our child benefit compliance activity. We adhere to the UK GDPR and other data protection legislation when processing Personal Data.”
It also said it “continuously” engaged with the ICO which sits on the Digital Economy Act Governance Board and is “aware of any agreements regarding this exercise”.
The Home Office’s own communication with members of the public highlights what appear to be significant caveats.
“Any travel history provided should be interpreted as an intention to travel and not as proof of travel. The carrier should be approached directly if the information is required for an official process,” it said in a document sent to a passenger who requested to see their Home Office records, through a “subject access request”.
HMRC has apologised twice for the distress caused to victims, and after an urgent review on Monday suspended the practice of stopping child benefit until it had first checked with recipients.
It said it would also now cross-check travel data with pay as you earn (PAYE) tax data it held. “This strikes the right balance between protecting taxpayers’ money and ensuring payments are only suspended when appropriate,” it said.
HMRC said it had an agreement in place with the Home Office “which allows us to use travel data to inform our compliance activities” and “to tackle error and fraud”.
Duhs said data protection laws required schemes such as this to demonstrate that use of travel data was “necessary” and the purpose of using it was “proportionate” to the desired outcome, in this case saving of up to £350m, according to government declarations.
“There is a human rights test to balance here. Under the data protection laws, the use of personal data has to be necessary, there has to be a legitimate aim, and it has to be proportionate to that aim.
“We’ve got so many mistakes here it begs the question as to whether this process was done in a way that was proportionate to people’s human rights given the detriment to people’s lives and the distress caused,” Duhs said.
