Frontex wanted to monitor “civil society and diaspora communities in destinations (EU)”

Despite the EU’s data protection provide some limits over how far EU bodies, governments and corporations can go when they decided to spy on people, on September 2019 Frontex decide to publish a tender inviting surveillance companies to bid for the project, that it has mysteriously cancelled less than a month later.

The tender invited surveillance companies to bid for the project aimed to monitor the internet use of migrants and civil society, the purpose of the agency would have been to give up to €400,000 to a surveillance company to track people on social media so that border guards would have obtained “an understanding of the current landscape” as well as “a strategical warning system on changes such as the socio-political, economic or human security environment that could pose challenges to Frontex policies” (Essentially, they wanted to spy on their social media to see what they were up to).

In addition to gathering “data and analysis of relevant actors using social media: migrants; traffickers/smugglers”, Frontex also wanted to monitor “civil society and diaspora communities in destinations (EU).

NGOs such as Statewatch and journalists at Mediapart had noticed the tender, leading to Frontex having to defend the project by claiming, to the bemusement of some of Privacy International’s data protection experts, that “the required service does not entail collecting, processing, sharing or storing of any personal data by the European Border and Coast Guard Agency”. So with that in mind, Privacy International set up an account on the procurement website and asked them some pretty detailed questions to find out how they came to the conclusions they did, and if they had gone through the necessary checks to make sure their plan was legal.

These questions were based on a single legal instrument, Regulation 2018/1725, which is the equivalent of the GDPR for EU institutions and is thus meant to regulate how EU bodies like Frontex process personal data. Similar to other questions, the agency would have had to publish the answers on the tender site. But within a few days, they decided to cancel the tender, justifying their decision by “the upcoming entry into force of the new European Border and Coast Guard Regulation.”

Read the full article on Privacy International’s blog.