Getty Images

EU fails to protect human rights in surveillance tech transfers

Transfers of surveillance technology from the European Union to African governments are carried out without due regard for the human rights impacts, the European Ombudsman has found after a year-long investigation into the European Commission’s management of an aid fund

The European Ombudsman has found that the European Commission failed to take necessary measures to ensure the protection of human rights in the transfer of surveillance technology to African governments under the European Union’s multibillion Trust Fund for Africa (EUTFA).

The decision by the Ombudsman, the European Union’s (EU) official oversight body, follows a year-long inquiry into the Commission’s role in helping African governments to develop their surveillance capabilities.

Created in 2015, EUTFA-funded initiatives – which are managed day-to-day by the European Commission – have been implemented in 26 African countries across the Sahel and Lake Chad, the Horn of Africa and North Africa.

The inquiry itself was prompted by a complaint, submitted to the Ombudsman in October 2021, from Privacy International and five other human rights groups, which alleged that the Commission had failed to adequately assess human rights risks before agreeing to support projects in African countries with potential surveillance implications, including biometric databases and mobile phone monitoring technologies.

They further argued that under the EUTFA, which is primarily being used to manage migration from Africa to Europe, millions have been allocated to countries to provide them with digital tools to collect data from devices and build mass-scale biometric ID systems, while other funds have been used to train police in North Africa on wiretapping, monitoring social media users and decrypting intercepted internet content.

In its decision, the Ombudsman said that, having examined the documentation surrounding several EUTFA projects, there was no indication that proper human rights impact assessments were carried out.

“The Ombudsman has identified shortcomings in that the Commission was not able to demonstrate that the measures in place ensured a coherent and structured approach to assessing the human rights impacts of EUTFA projects,” it said.

“The Ombudsman finds it regrettable that the EUTFA projects in question were not subject to a clear human rights impact assessment, presented either as separate document or a separate section in the action documents.

It further noted, for example, that despite the EUTFA projects covered by its inquiry being implemented in countries with major governance issues and poor human rights records, the analysis conducted by the Commission focused more on logistical issues, and that any assessments of the human rights impacts were “sporadic and unstructured” at best.

It added that while the Commission itself considers the measures in place – including its multilayer approval process of projects; the use of specific “action” documentation for projects; and the possible suspension of funds – to be sufficient in safeguarding human rights, “the Ombudsman disagrees”.

As a result of its inquiry, the Ombudsman has suggested that for future EUTFA projects, the Commission must ensure there is a meaningful prior human rights impact assessment: “The Commission’s guidelines concerning the evaluation of EU Trust Fund projects, both in Africa and elsewhere, should require that an assessment of the potential human rights impact of projects be presented together with corresponding mitigation measures in a standalone document or as a separate, distinct section of each action document. The template of the ‘action document’ could be revised to reflect this.”

“This landmark decision in response to our complaint marks a turning point for the European Union’s external policy and sets a precedent that will hopefully protect the rights of communities in some of the most vulnerable situations for the years to come”
Ioannis Kouvakas, Privacy International

Commenting on the decision, Privacy International senior legal officer Ioannis Kouvakas said: “This landmark decision in response to our complaint marks a turning point for the European Union’s external policy and sets a precedent that will hopefully protect the rights of communities in some of the most vulnerable situations for the years to come.”

Homo Digitalis, one of the human rights groups involved in submitting the original complaint, added: “The shortcomings that the Ombudsman has identified prove that the Commission is not able to demonstrate that the measures in place ensure a coherent and structured approach to assessing the human rights impacts of EUTFA projects. This is an important first step, but we need specific accountability mechanisms in place to address violations of rights and freedoms in EUTFA projects. This cannot be ensured via just some revised templates.”

The six human rights groups that initiated the complaint are now calling on the Commission to urgently review its support for surveillance in non-EU countries, and to immediately implement the Ombudsman’s recommendations in their entirety. 

In October 2022, the groups were informed that the European Ombudsman had launched two additional inquiries into the European Border and Coast Guard Agency (Frontex) and the European External Action Service (EEAS), following two separate complaints they submitted against those agencies over similar failures to conduct human rights assessments of their surveillance technology transfers to non-EU countries.

In September 2022, a report from the Business & Human Rights Resource Centre found that surveillance technology companies were “deeply implicated” in human rights abuses against migrants across the Middle East and North Africa (MENA) region.

Specifically, it found that the companies involved operate with a distinct lack of transparency, and have failed to establish adequate grievance mechanisms for those affected by their products, noting that governments in the MENA region were increasingly “purchasing and using powerful digital tools, ranging from spyware and wiretapping tools to facial recognition technology, for targeted and mass surveillance”.

Dima Samaro, MENA regional researcher and representative at the Business & Human Rights Resource Centre, added: “Lack of adequate due diligence measures by private companies will only worsen the situation for those from marginalised communities, putting their lives in jeopardy as the absence of robust regulation and effective mechanisms in the region allows surveillance technologies to be operated freely and without scrutiny.”

An analysis of surveillance laws and practices in six African countries – conducted by the Institute of Development Studies (IDS) and the African Digital Rights Network (ADRN) in October 2021 – separately found that illegal state surveillance was being carried out with “impunity”, despite privacy rights being well protected on paper.

In June 2019, David Kaye, then the United Nations Human Rights Council’s mandated expert on freedom of expression, published a report that called for an immediate moratorium on the use, transfer and sale of surveillance tools globally.

During the council’s 41st session, where he presented his findings, Kaye described the international situation as a “surveillance free-for-all in which states and industry are essentially collaborating in the spread of technology that is causing immediate and regular harm to individuals worldwide”.

Read more about surveillance technology

Read more on IT governance