#PrivacyWins: EU Border Guards Cancel Plans to Spy on Social Media (for now)
As any data protection lawyer and privacy activist will attest, there’s nothing like a well-designed and enforced data protection law to keep the totalitarian tendencies of modern Big Brother in check.
While the EU’s data protection rules aren’t perfect, they at least provide some limits over how far EU bodies, governments and corporations can go when they decide to spy on people.
This is something the bloc’s border control agency, Frontex, learned recently after coming up with a plan to monitor the internet use of migrants and civil society. After publishing a tender inviting surveillance companies to bid for the project, they mysteriously cancelled it less than a month later while facing questions as to whether such spying was even allowed under data protection regulations.
Published in September, the agency planned to give up to €400,000 to a surveillance company to track people on social media so that border guards “would have an understanding of the current landscape” as well as “a strategical warning system on changes such as the socio-political, economic or human security environment that could pose challenges to Frontex policies.” (Essentially, they wanted to spy on their social media to see what they were up to).
But why stop short at spying on migrants themselves? In addition to gathering “data and analysis of relevant actors using social media: migrants; traffickers/smugglers”, Frontex also wanted to monitor “civil society and diaspora communities in destinations (EU).”
To be clear, it makes absolutely no difference if a border authority wants to monitor a migrant abroad or someone residing in Europe. But legally, people in the EU are afforded better legal protections, so in reality this was a particularly problematic thing to try and pull off.
At this stage, NGOs such as Statewatch and journalists at Mediapart had noticed the tender, leading to Frontex having to defend the project by claiming, to the bemusement of some of Privacy International’s data protection experts, that “the required service does not entail collecting, processing, sharing or storing of any personal data by the European Border and Coast Guard Agency”.
Hey Frontex, let me ask you a question…
So with that in mind, Privacy International set up an account on the procurement website, and asked them some pretty detailed questions to find out how they came to the conclusions they did, and if they had gone through the necessary checks to make sure their plan was legal.
These questions were based on a single legal instrument, Regulation 2018/1725, which is the equivalent of the GDPR for EU institutions and is thus meant to regulate how EU bodies like Frontex process personal data. Similar to other questions, the agency would have had to publish the answers on the tender site.
Two days later however, they issued this update:
They told the journalist it was because of “the upcoming entry into force of the new European Border and Coast Guard Regulation.” But this doesn’t seem credible, suggesting that the agency has only now become aware of the Regulation which governs its own mandate and proposed last year.
Is Fortress Europe Monitoring You?
Contrary to some reporting, the EU isn’t some border-free zone full of refugees – it currently hosts some 14% of the world’s refugees (if you exclude Turkey, which by itself hosts some 18%). Instead, as authoritarians and populists have come to power “Fortress Europe” has never been more fortified. Frontex is likely to get a budget of €420.6m next year according to EUObserver, a 34.6 percent increase compared to 2019. Frontex started with a budget of €6m in 2005.
If they do, there will be some equally good monitoring by journalists and civil society looking to keep them in check. Watch this space.