Frontex and Europol: EU agencies with surveillance program

After secret data collection on migrants, Frontex hires 250 new officers to profile travelers

Europol, the Hague-based EU police agency, is tasked with investigating criminals and preventing imminent crimes. Europol can coordinate investigations if they involve two or more EU member states and stores information in its own databases to do so. For several years, the border agency Frontex has also been collecting data on persons suspected of committing cross-border crimes and forwarding it to Europol. The medium „Balkan Insights,“ „Spiegel“ and other international press reported on this last week after a joint investigation. However, Frontex, which was once established in Warsaw to monitor and control borders, does not have a sufficient mandate for this.

In 2015, the two agencies adopted a program to „Processing of Personal Data for Risk Analysis“, abbreviated as PeDRA. It started a year later as part of a Frontex mission in Italy, followed by Spain and Greece. Officially, only presumed smugglers or terror suspects were to be stored under PeDRA. By 2021, however, Frontex said it had collected personal data on 11,254 people and passed it on to Europol. This was information obtained by Frontex during initial interviews with refugees. The number is so high that it can hardly consist of – as claimed – only refugees or terrorists.

Frontex Director Fabrice Leggeri, who recently resigned after numerous scandals, nevertheless did not think the data collection went far enough. For years, the expansion of PeDRA had been a core element of his vision to turn Frontex into a kind of twin agency of Europol, writes „Spiegel“. Last December, the two agencies therefore decided to expand the program. Henceforth, biometric data from DNA, fingerprints and facial images of the persons concerned should also be allowed to be collected. Permission for this was given by Frontex’s board of directors, to which the interior ministries of each EU member state and the EU Commission send representatives. The new collection frenzy also included political and religious beliefs, as well as sexual orientation – if this became known to Frontex. Although there are high hurdles to this and both EU agencies have so far been prohibited from doing so for data protection reasons, social media profiles were also to be searched.

From the outset, both the European Data Protection Authority and the border agency’s own data protection commissioner have rebuked the plans. The EU’s top data protection official fears stigmatization of those stored, which could negatively impact their right to asylum. Frontex also failed to justify why the sensitive data was needed in the first place, the Frontex data protection officer complained. Such justification is mandatory for other authorities. However, the data protection officer had no mandate to also enforce her recommendations and was excluded from important meetings by Director Leggeri and finally ousted in the summer of 2021.

In other programs, too, Frontex is visibly evolving into a kind of border intelligence agency. Next year, the European Travel Information and Authorization System (ETIAS) will be launched. Visa-free travelers from currently 60 countries will have to register before crossing the EU border and submit personal and planned travel information. Based on the application form, an assessment system managed by Frontex identifies possible risks in terms of irregular migration, security or epidemics. According to the ETIAS regulation, Frontex is to develop an algorithm that enables automatic profiling of travelers. Around 250 new officials at the ETIAS central office at Frontex in Warsaw are responsible for this.

Image: Frontex starting PeDRA in Greece 2016 (Frontex).

Autor: Matthias Monroy

Knowledge worker, activist, editor of the German civil rights journal Bürgerrechte & Polizei/CILIP.