The European Data Protection Supervisor (EDPS) suggested on Thursday that Frontex (European Coast Guard Agency) is violating rights and data protection laws by not handling migrant data correctly when processing debriefing interviews before handing the data to Europol (EU’s police agency).

The EDPS published a report based on an audit held in October 2022, which identified 36 findings, including Frontex using debriefing interviews to collect personal data which would allow the interviewee to be identified. Frontex claims that the interviews are anonymous and voluntary with the aim to collect information about migratory routes and to prevent smuggling and trafficking. However, the EDPS claims that the individuals become identifiable when this information is asked, along with their personal details.

The EDPS also questions whether the processing of personal data is adequate, necessary or subject to the necessary risk analysis before being passed onto Europol. The report also detailed that some migrants were detained or deprived of liberty which may have made them feel they need to give more personal details – more than what is required by Europol. Further serious compliance issues were also raised in the report against Frontex. This violates several EU data protection rules as well as Frontex’s rules.

In response to the EDPS report, Frontex emailed several media outlets explaining that they wanted to continually ensure that their activities are in line with data protection regulations and fundamental rights – and are willing to consider changes to their current operation. However, Frontex is still heavily scruntised by the EDPS, EU and ECHR, especially after prior accusations of the agency being involved with illegal migrant pushbacks on the coast, resulting in full-scale human rights investigations.

The EDPS has given Frontex until the end of 2023 to resolve the data regulation, storage and protection issues.