EU data watchdog flags concerns over Frontex’s migrant data processing

The European Data Protection Supervisor (EDPS) warns of potential breaches of EU law and Frontex’s mandate in processing migrants’ personal information. Issues include unclear data protection responsibilities and broad data processing categories without specified purposes.

Visualizing data - abstract purple background with motion blur, digital data analysis concept

The European Data Protection Supervisor (EDPS) has expressed reservations regarding the handling of migrants’ personal information by the EU border agency Frontex, asserting that it infringes upon both EU regulations and Frontex’s own mandate. Despite Frontex’s introduction of internal regulations at the end of 2021 and the issuance of two non-binding opinions by the EDPS in June 2022, the current draft of rules under consideration by Frontex does not align completely with the established regulations.

The EDPS has identified issues related to the extent of data collection and processing, the ambiguity surrounding data protection responsibilities, and the extensive handling of personal data without specific purposes defined. The EDPS has also brought attention to problems arising from the non-voluntary nature of migrant interviews, the sharing of debriefing reports with other law enforcement agencies, and Frontex’s classification of individuals as “suspects.”

Furthermore, there are ongoing disputes regarding the legal grounds for processing sensitive data and the treatment of data collected on vessels and aircraft. The EDPS may contemplate legal action if remedial actions are not swiftly implemented.

Why does this matter?

This matter goes beyond data processing; it reflects broader concerns about legal compliance, human rights, and the ethical handling of sensitive information in the context of immigration and border control. Human rights organisations have urged the European Ombudsman to investigate EU institutions’ failure to uphold human rights while sharing surveillance technology with non-EU countries. This request is based on Privacy International’s findings, which revealed that the European Commission and EU entities, including Frontex and CEPOL, supported non-EU security agencies with surveillance tools for migration control and surveillance programs.