Hongkongers are concerned they might risk data leaks to China during the outsourced British national overseas (BNO) visa application process.
The BNO visa was offered by the British government to people in Hong Kong to get an access to British citizenship.
Hongkongers who spent five continuous years in the UK with a BNO visa could apply for settlement, given they spent no more than 180 days outside of the UK in any 12-month period.
The visa scheme was open from 31 January 2021, following the Chinese government’s imposition of the National Security Law (NSL) in Hong Kong in 2020.
Numerous protestors, activists, journalists and opposition lawmakers had been arrested under the NSL.
Dominic Raab, Foreign Secretary at the time, said: “China’s imposition of the National Security Law in Hong Kong constitutes a clear and serious breach of the Sino-British Joint Declaration contrary to international law.
“With the launch of this new visa route, BNO citizens will now have a choice to come and live, work and study in the UK.”
There were a total of 140,500 BNO visa applications since the visa scheme introduction on 31 January 2021 up to the end of June, according to the data published by the Home Office.
Outsourced visa application centres
The Five Eyes – the US, the UK, Canada, Australia and New Zealand – formed an intelligence cooperative in areas of military, human and signals intelligence since the 1940s.
However, among these five countries, only the US had its own diplomatic staff to handle visa applications at every stage; while the rest outsourced the handling of visa applications to third party companies according to the BBC.
Visa applicants would have to apply to outsourced visa application centres run by third-party companies.
VFS Global, headquartered in Dubai and owned through several holding companies in Jersey, the Cayman Islands and Luxembourg, processed visa applications on behalf of the British Home Office since 2014.
A joint investigation by The Independent and Finance Uncovered revealed in 2019 that the UK Government made £1.6 billion from visa applicants in 2014-2019, a nine-fold increase compared to the five years before, and VFS Global was accused of “gross maladministration” and “aggressive” selling of optional services.
Moreover, there were reports accusing VFS Global of data breach, including a security hole in online visa services in India and possibly Nigeria and Russia in 2007, and applicants’ data compromised in Italy’s online application form in 2015.
When asked about the current level of their security standards, the spokesperson of VFS Global said they worked with a range of world leading cyber security providers to ensure their systems continually operate to the highest possible standards.
They added they complied with the EU-mandated General Data Protection Regulation and other data protection laws in the countries it operated in, as well as fully adhering to the processes and security requirements of all its client governments.
Local subcontractors
A recent BBC video clip highlighted the danger of data leaks to Chinese authorities during the visa application process, as a result of subcontracting arrangements.
By Chinese laws, the visa application centres within the Chinese boundaries must work with local Chinese companies.
Therefore, the VFS Global visa application centre in Hong Kong was subcontracted to a local private company called Hong Kong Glory Visa Consulting Company Limited.
Information security remained a lingering concern for many Hongkongers, especially after the introduction of the national security law and the expansion of police powers in recent years.
Yuen, 32, a handyman who migrated to the UK from Hong Kong via the BNO visa route, was worried about potential data leaks, but did not think this would affect his plans to visit families and friends in Hong Kong at this point.
He said: “There is nothing I can do, other than being more cautious.”
Denise Chan, 34, an accountant and also a BNO visa holder, said: “I am constantly worried about data security, especially with what happened in Hong Kong in the past few years.
“Even though I have moved to the UK, I am still wary of what I post online on my social media accounts as I am scared that it may affect my family and friends who are still in Hong Kong.”
Nevertheless, she did not think it would stop people from applying for the visa.
The Home Office said information captured by local Chinese partners was encrypted and securely transmitted to UK Visas and Immigration, and was subsequently deleted from commercial partner systems automatically.
The spokesperson of VFS Global said: “The role of VFS Global is purely administrative and VFS Global is not involved in the visa decision making for the UK, or any other client government.
“The UK and other governments deliver their own visa decision making services.”
They emphasised the Chinese authorities did not have access to VFS Global data.
They added the Home Office IT system was separate to that of VFS Global, that the data from the VFS Global system was transferred to the Home Office system in accordance with contractual requirements.
Featured image credit: Rose Ng