Toon Lambrechts is freelance journalist tegen beter weten in. Behalve in MO* Magazine en op MO.be is hij ook te lezen in onder andere Knack, EOS en Vice.
Who is accessing refugees' private data?
Should the government ask you to see your smartphone and your profile on social media, would you consent? It is a choice that asylum seekers in Belgium may soon not even have. Europe too is collecting an increasing amount of data from people seeking refuge. Exactly what all that data is used for and who has access to it is often unclear.
Those who decide to flee war or persecution face great challenges. The journey to a safer place is long and often just as rough as the situation you left your country for. It may lead you to an airport, a rickety little boat or the back of a truck. And once you reach that new country, you still have to ask permission to stay. ‘Maybe,’ you’ll be told. But first, how about you explain exactly why you left your country, and how you got here, to the asylum officer on the other side of the desk, who is a complete stranger to you?
Recounting a flight story is often particularly traumatising, yet there is no way around it. Anyone applying for asylum in Belgium must have legitimate reasons for doing so and must articulate them. First, the Immigration Office checks whether Belgium is indeed responsible for the application, and not another European country, under the Dublin Regulation.
If the responsibility is indeed proven to lie with Belgium, the Office of the Commissioner General for Refugees and Stateless Persons (CGRS) examines the asylum seeker’s story and assesses whether it is genuine. This increasingly involves examining digital data of people on the run.
A law is pending that would give the CGRS the right to request access to asylum seekers’ mobile phones, laptops and social media profiles. That amendment to the Aliens Act came in November 2017 on the initiative of then-Secretary of State for Asylum and Migration Theo Francken (N-VA). The law is not yet applied in practice, as the CGRS is waiting for a Royal Decree that should lay down the precise details of the measure. But right now, the CGRS does already review public profiles and data when assessing a refugee story.
The law also shows again the a priori assumption that asylum seekers are out to abuse the system.
Charlotte Vandycke, Vluchtelingenwerk Vlaanderen
Screening mobile phones and social media profoundly intrudes into people’s privacy. For most of us, our smartphone is a kind of central database of our personal lives, and this is no different for refugees. Among others, the Privacy Commission and Refugee Council Flanders expressed deep concern about screening mobile phones and social media.
‘In principle, an asylum seeker can refuse such a request for screening,’ says Charlotte Vandycke, director of Vluchtelingenwerk Vlaanderen. ‘But a refusal will negatively affect the application, even if someone has very valid reasons to say no. Nobody wants to undermine their credibility in the asylum procedure, because it is such a vital decision. This puts enormous pressure on people, to the extent that it is very doubtful whether you can truly talk about consent. Effectively, it is de facto equivalent to an obligation.’ Informed consent is a key concept in privacy and data protection legislation.
The law also shows once again that there is an a priori assumption that asylum seekers have something to hide and are out to abuse the system, Vandycke believes. ‘For this reason, people think they are allowed to employ double standards. The right to privacy and the protection of private life garners a lot of attention and is enshrined in the constitution. However, when it comes to asylum seekers, the legislator apparently sees no harm in putting a strain on privacy. That double standard between people is unacceptable.’
The German counterpart of the CGRS, the Federal Office for Migration and Refugees (BAMF), has been applying this practice for several years. There, too, the measure is a contentious issue. Three refugees from Syria, Afghanistan and Cameroon felt that the BAMF went too far in accessing their mobile data and filed a lawsuit. They also filed a complaint with the Data Protection Commission. One of them, Syrian Mohammed A., put it as follows. ‘I didn’t know exactly what was happening. But I was afraid of being deported, so I handed over my mobile phone. It felt like handing over the keys of my whole life.’
Claiming and analysing digital data is therefore more a way of showing that one is “firmly addressing” migration, regardless of whether it delivers anything.’
Lea Beckmann, lawyer in German lawsuit
Lea Beckmann works as a lawyer for the German civil rights organisation Gesellschaft für Freiheitsrechte (GFF) and is supervising the court case. ‘We believe the analysis of smartphone data violates the fundamental right to self-determination over information. We want to eventually get the case before the Constitutional Court to prove that the law allowing this practice is unconstitutional. It also goes against European data protection laws.’
The German asylum authority BAMF recently submitted counterarguments in the court case, Beckmann says. ‘Their claim is that they require this additional data to verify the identity and nationality of refugees. The assumption is that analysing information from mobile phones will make the asylum procedure more efficient, prevent fraud and help deport rejected asylum seekers.’
‘Except, that’s not true. It is legitimate to review asylum applications, but the additional data that the BAMF examines contributes little or nothing to that. On the other hand, your phone and social media profiles contain so many aspects of your personal life. Peeking in there is particularly intrusive. At the same time, it yields almost nothing for the asylum authorities. Therefore, in our opinion, this practice is completely disproportionate.’
Data collection and privacy are very sensitive issues in Germany. Yet the law giving the BAMF access to refugees’ digital data stirred up very little debate. Surprising, but not really, says Beckmann. ‘Since 2015, part of public opinion and politics has come to see refugees as a threat. As such, claiming and analysing digital data is more a way of showing that one is “firmly addressing” migration, regardless of whether it accomplishes anything’
From registration to analysis
The pursuit of data on refugees and migrants has also been opened at the European level. A database containing the fingerprints of refugees entering the European Union has existed since 2003. That database, European Dactyloscopy (Eurodac), was created under the Dublin Regulation — which stipulates that the member state where a refugee first arrives is responsible for their asylum application.
The European umbrella of refugee organisations (ECRE) recently released a report on the evolution of Eurodac. Niovi Vavoula, a lecturer in Migration and Security at Queen Mary University of London, drafted the report. She specialises in migration law, privacy and data protection.
Many questions can be raised regarding this ever-expanding EU data hunger.
‘Suppose someone arrives on Lesbos. The Greek authorities take a fingerprint of that person, because that is an obligation in European regulations. If this person decides to travel on to, say, Belgium, the Belgian authorities will again take a fingerprint and go and check in Eurodac whether they are already registered elsewhere. Both member states must then decide between themselves who is responsible for this person.’
Eurodac was the first European experiment with storing biometric data. For now, only fingerprints are in the database, but that is about to change. A number of proposals are again on the table to extend the scope of Eurodac. For instance, data collected by national authorities — name, nationality, country of origin, photos — could be linked to the refugee’s fingerprints.
‘The EU wants to return more failed asylum seekers, but at present this often fails because their identity is not sufficiently known. Wider registration of data could help. But this means that data such as name and nationality, which an asylum seeker provides in good faith at the beginning of the procedure, could later be used in a deportation.’ That would mean a sensitive expansion of the data collected on refugees and migrants at the European level. There are reasons for this, Vavoula said. ‘We see Eurodac evolving from merely a tool used within the Dublin regulation to a broader tool in European migration policy.’
Reviewed by artificial intelligence
Gathering more and more factual information also enables Eurodac to produce detailed statistics, something policymakers are eagerly anticipating. ‘Data on, for example, how many people came to Europe from Iraq, by what route, with what destination… One could extract patterns and correlations from all that data that map migration finely. That information is partly missing at the moment,’ says Niovi Vavoula.
‘Their handling of refugee data says a lot about how Europe thinks about migration’
Niovi Vavoula, lecturer in migration and security
Eurodac is gradually evolving into a policy analysis tool. And it doesn’t stop there, says the Migration and Security lecturer. ‘The EU wants to bet on the use of artificial intelligence in its data systems. Although there are no tangible plans on the table yet, I see that happening with Eurodac. Think, for example, of artificial intelligence analysing whether a refugee poses a security risk based on patterns in the data, or even assessing the value of an asylum application. We are not quite there yet, but I do see it moving in that direction.’
There are many question marks over this ever-growing EU data hunger. Biometric data is very sensitive and thus requires a high degree of protection. Eurodac stores data for 10 years, regardless of whether an asylum application is approved or not.
And then there is the question of to what extent one can speak of informed consent, Vavoula explains. ‘The power imbalance between the two parties does exist. Refugees have no idea what happens to their data. If they are informed at all, it says nothing about how this data will be used in the future.’
The handling of refugee data says a lot about how Europe thinks about migration, says Vavoula. ‘As a threat, something to be controlled or avoided. People have come to see refugees as a security risk rather than as people in need.’
Toon Lambrechts is a freelance journalist against all odds. He is featured not only in MO* Magazine and on MO.be, but also in Knack, EOS and Vice, among others.
This article was translated by Brita Vandermeulen.
Maak MO* mee mogelijk.
Word proMO* net als 2851 andere lezers en maak MO* mee mogelijk. Zo blijven al onze verhalen gratis online beschikbaar voor iédereen.