DIGITAL INNOVATION
DIGITAL INNOVATION ‘DIGITAL EU’: THE GOOD, THE BAD & THE UGLY Expansion of data-collection is eroding EU values and rights The EU is trampling on its own values and peoples’ rights to privacy and data-protection as it expands its collection of data in areas such as migration, the EU’s data protection advisor tells Nikolaj Nielsen. In October, Wiewiórowski’s staff carried out an audit of Frontex’s processing of personal data of migrants By NIKOLAJ NIELSEN Wojciech Wiewiórowski is a 51-year old Polish national whose job as the EU’s data protection supervisor (EDPS) is to ensure that European institutions and bodies respect peoples’ right to privacy and data-protection. Yet those rights are regularly denied to thousands of people seeking asylum in the EU, he warns. Wiewiórowski, who heads the independent, Brussels-based, EDPS, says the EU has “two extreme approaches,” when it comes to the collection of and processing of people’s data crossing a border of the European Union. The first is value-based and one where everyone is treated fairly regardless of origin. The second is security focussed and one where people have to give up all their data, irrespective of privacy rights. “The second approach is not convincing for us,” he says. Wiewiórowski warns that people who arrive at the borders seeking international protection are forced into divulging all their personal data in order to gain access to the EU. That data is fed into large EU databases, some of which were set up to crack down on criminals. “We are forgetting for which reasons we were collecting the data,” he says. This poses a slew of data-protection problems, spanning concepts like “purpose limitation” and “data minimisation.” Both are spelled out in the EU’s general data protection regulation (GDPR), as well as its directive on law enforcement. It means authorities are only supposed to collect data for specific purposes. But Wiewiórowski says there is a push to collect everything possible. This is fed into a maze of EU and national security databases that then ‘talk’ to one another. “I feel a little bit puzzled,” he acknowledges. The European system is based on humane values, he says. But at the same time people are being denied their rights. Wiewiórowski says he partly understands the approach by EU states, the border authorities, and Frontex when it comes to migration. But he is also bound by rights enshrined in the EU treaties. Earlier this year he ordered Europol to erase data on people with no established link to a criminal activity. The Haguebased agency had hoovered up four petabytes of sensitive data, including from asylum seekers with no criminal records. And in October, his staff carried out an audit of Frontex’s processing of personal data of migrants at their headquarters in Warsaw. The probe is looking at how Frontex and Europol are sharing data through the Processing of Personal Data for Risk Analysis, known as PeDRA. We are forgetting for which reasons we were collecting the data.” Wojciech Wiewiórowski Fabrice Leggeri, when he was still executive director at Frontex, had proposed expanding PeDRA to allow boarder guards to collect sensitive data on asylum seekers, including their sexual orientation. Wiewiórowski’s task and that of national data-protection authorities is only likely to get more difficult as tech-based solutions to security issues push privacy rights on the back burner. Over the years, the EU has dramatically increased its security budgets to shore up its external borders. The EU’s Internal Security Fund shot up by 90 percent to €1.9bn, when compared to the EU’s previous seven-year budget cycle. The fund is intended to reinforce police powers, including the exchange of data. It helped finance to the tune of some €15m the expansion of Greece’s automated border surveillance system, 23
