Privacy International (PI) together with a coalition of human rights groups have today called on the European Ombudsman, the EU’s oversight body, to investigate evidence that the block is supporting surveillance in non-EU countries in breach of its own rules.
The groups have submitted a complaint accompanied by a dossier of evidence to the European Ombudsman outlining how EU bodies and agencies are cooperating with governments around the world to increase their surveillance powers.
Privacy International, Access Now, the Border Violence Monitoring Network, Homo Digitalis, International Federation for Human Rights (FIDH), and Sea-Watch are calling on the European Ombudsman, which is charged with investigating instances of maladministration by EU institutions, to launch an investigation into the allegations.
The evidence, compiled from EU internal reporting, correspondence with EU bodies and agencies, as well as documents obtained through access to documents requests, details how multiple EU agencies are providing surveillance technology, training and financing to non-EU counterparts.
In doing so, we argue that the EU is providing authorities with digital tools of surveillance which have been used and will likely continue to be used by authorities of these countries to circumvent individuals’ freedoms and violate their privacy, data protection, as well as other fundamental rights.
As such, the EU bodies might be in breach of their EU law obligations to respect human rights in their external relations by failing to carry out the necessary human rights risk and impact assessments.
Under the EU Trust Fund for Africa, for example, which is being used to manage migration from Africa to Europe, millions have been allocated to countries to provide them with digital tools to collect data from devices and build mass-scale biometric ID systems.
Other funds have been used to train police in North Africa on wiretapping, monitoring social media users, and decrypting intercepted internet content. In the Balkans, similar funds have been allocated to provide authorities with wiretapping equipment and to build biometric ID systems.
In particular, we are calling on the European Ombudsman to investigate the due diligence undertaken by these agencies and to ensure that prior human rights risk and impact assessments are conducted in the future in order to mitigate the risks.
In addition, we have sent a letter, along with a copy of the complaint and accompanying material, to the European Data Protection Supervisor (EDPS), which is charged with ensuring EU bodies respect data protection rules. We are calling on the EDPS to monitor and prioritise the issue.
The complaint can be found here.
The letter to the EDPS can be found here.