Complaint on EU surveillance transfers to third countries
PI and 5 other human rights organisations are calling on the European Ombudsman to investigate evidence that several EU bodies are supporting surveillance in non-EU countries in breach of EU rules.
Authority: European Ombudsman
Status: Open
Privacy International, Access Now, the Border Violence Monitoring Network, Homo Digitalis, International Federation for Human Rights (FIDH), and Sea-Watch asked the European Ombudsman, which is charged with investigating instances of maladministration by EU agencies, to launch an investigation into the allegations listed below.
Specifically, we are gravely concerned about the activities carried out by the European Commission, as well as the European Border and Coast Guard Agency (Frontex), the European Union Agency for Law Enforcement Training (CEPOL) and the European External Action Service (EEAS), which relate to the transfer of surveillance capabilities, including capacity building or trainings of third country authorities in surveillance techniques, the transfer of surveillance equipment to third countries, as well as any other support.
EU institutions are under an obligation to conduct human rights risk and impact assessments prior to engaging in any form of surveillance transfer. Prior risk and impact assessments are needed to ensure that any surveillance transfer will not result to serious violations of the right to privacy or facilitate other serious violations of human rights. However, our research into EU surveillance transfers suggests that in most of these cases no human rights risk and impact assessments seem to have been carried out prior to the engagement of the aforementioned bodies with authorities of third countries.
We therefore asked the Ombudsman to, first, confirm that the bodies complained against are under an obligation to carry out human rights risk and impact assessments prior to engaging in any form of transfer of surveillance capabilities to authorities of third countries. Second, should the European Ombudsman find that the aforementioned bodies have failed to carry out said assessments, we ask her to rule that such failure constitutes maladministration, and we invite her to issue recommendations to effectively address the matter that could potentially have implications for millions of people located both within and outside the EU.
Following our complaint, in November 2021 the European Ombudsman opened an inquiry into the European Commission's assessment of human rights impacts before providing support to African countries to develop surveillance capabilities in the context of the EU Emergency Trust Fund for Africa.
In October 2022, we were informed that the European Ombudsman has launched two additional inquiries into Frontex and EEAS, following two separate complaints we submitted against those agencies. Both inquiries deal with how the agencies assessed human rights impacts before providing assistance to non-EU countries to develop surveillance capabilities.
The Ombudsman's inquiry into the EEAS allowed PI to submit comments on the EEAS's response to the Ombudsman's list of questions. The inquiry reached a mixed conclusion in November 2023, finding that no further inquiries were justified, but making a series of suggested improvements for the EEAS to adopt in oder for their human rights due diligence process to constitute as an acceptable alternative to a human rights impact assessment. These recommendations focused on making changes to the EEAS human rights due diligence documentation and urged for the inclusion of "data protection provisions" on information sharing sessions, that the human rights impact of an activity be assessed at "every stage" of said activity and that a description of the risk identification process should be included in due diligence documents as well as the elements involved in a potential risk assessment laid out. The recommendations aim to enhance transparency, accountability, and human rights considerations in EU Civilian Missions.