Background to the complaint

1. The complainant is a journalist who for some years has written about EU border issues and, in particular, the work of the European Border and Coast Guard Agency (Frontex).

2. On 27 September 2016, he asked Frontex to give him public access to all Serious Incident Reports relating to Frontex operations or joint operations that took place in Bulgaria between 1 January 2015 and 30 September 2016[1].

3. The Public Access to Documents Office of Frontex replied to the complainant on 18 October 2016 by granting him partial access to 21 Serious Incident Reports relating to a Frontex joint operation entitled ‘Flexible Operational Activities’.

4. The complainant then informed Frontex that Frontex had more than one joint operation in Bulgaria in 2015 and 2016. He thus asked whether there were more Serious Incident Reports, for instance relating to joint operation ‘Poseidon Land’.

5. The Public Access to Documents Office of Frontex replied on 24 October 2016. It stated that two Serious Incident Reports had been left out unintentionally. It granted him partial access to these reports on 28 October 2016.

6. On 24 October 2016, the complainant informed Frontex that a Frontex press officer had told him of three instances of summary deportations of refugees from Bulgaria and four instances of theft from refugees by Bulgarian police in 2015. He asked why he had not been given any Serious Incident Reports for these events.

7. On 26 October 2016, Frontex replied that it had found a few more Serious Incident Reports and that he would receive them some days later.

8. On 28 October 2016, the Public Access to Documents Office granted the complainant partial access to seven more Serious Incident Reports (including the two mentioned in paragraph 5 above) which dealt with fundamental rights violations and/or breaches of the Frontex Code of Conduct.

9. On that same day, the complainant sought a review of the way his request had been handled by submitting a so-called confirmatory application. He asked Frontex to justify all the redactions made in the Serious Incident Reports, many of which concerned debriefing interviews with migrants. He stated that on other occasions, Frontex had not redacted such interviews.

10. The complainant lodged his complaint with the Ombudsman soon after making his confirmatory application, on 2 November 2016.

11. On 22 November 2016, Frontex replied to the confirmatory application. It confirmed its initial decision.

12. Frontex justified the various redactions it made to the documents it disclosed on the basis of the exceptions to disclosure provided for in (i) Article 4(1)(b)^[2] of Regulation 1049/2001^[3], relating to the need to protect the privacy and the integrity of the individual; (ii) the third indent of Article 4(2)^[4] of Regulation 1049/2001, relating to the need to protect the purpose of inspections, investigations and audits; and (iii) the first indent of Article 4(1)(a)^[5] of Regulation 1049/2001, relating to the need to protect public security[6].

The inquiry

13. The Ombudsman opened an inquiry into the following aspects of the complaint: 1) Frontex consistently fails to identify the existence of all Serious Incident Reports in its possession concerning Frontex or joint operations in Bulgaria; 2) Frontex redacts the Serious Incident Reports it does identify in a manner which is not consistent with the exceptions set out in Regulation 1049/2001.

14. The Ombudsman’s office carried out an inspection of the Frontex file concerning this case and held a meeting with Frontex (hereinafter, the ‘meeting/inspection’) in order to provide Frontex with the opportunity to clarify why it had initially failed to identify some Serious Incident Reports that fell under the complainant’s request for public access to documents[7]. Later, the Ombudsman made a proposal for a solution to Frontex.  When proposing the solution, the Ombudsman took into account the arguments and opinions put forward by the parties.

Failure to identify Serious Incident Reports

The Ombudsman's proposal for a solution

The discovery of five relevant Serious Incident Reports

15. During the meeting/inspection, when the Ombudsman’s representatives were inspecting documents on screen together with a Frontex representative, who was manually retrieving one document after another, it was discovered that there were a further five Serious Incident Reports which, although they fell under the complainant’s request for access to documents, had not been previously identified. The Ombudsman proposed that Frontex ‘disclose to the complainant, in full or, if necessary, partially, the Serious Incident Reports whose existence was discovered during the Ombudsman’s meeting/inspection. Such disclosure should take place without delay’.

16. In its reply to the Ombudsman’s proposal for a solution, Frontex informed the Ombudsman that on 2 June 2017, the Transparency Office disclosed to the complainant the five Serious Incident Reports identified in the course of the meeting/inspection. The complainant acknowledged receipt on that same day.

Deficiencies in Frontex’s searches

17. The Ombudsman noted the importance of having a comprehensive recording system which allows fundamental rights violations to be identified and dealt with. She considered that Frontex has such a system in place but pointed out that the public’s trust in the recording system is equally important. Thus, she stated that, to avoid giving the wrong impression (for example that Frontex prefers to hide fundamental rights violations rather than to deal with them), the transparency of the system should be guaranteed.

18. The Ombudsman pointed out that this case had highlighted organisational and technical deficiencies in the searches which Frontex carries out to respond to requests for public access to documents which present them with certain challenges (for instance, there were no dedicated transparency case handlers and the IT tool in which Frontex records Serious Incident Reports, that is, the Joint Operation Reporting Application known as ‘JORA’, does not include a ‘search by keywords’ option, which means that every operation involving Bulgaria had to be searched manually to reply to the complainant’s request). In this case, a somewhat inadequate IT search system combined with human error led the complainant to suspect that Frontex had deliberately withheld documents from him. The Ombudsman recognised the steps taken by Frontex to improve its response to requests for public access to documents (for example by establishing a Transparency Office). However, she pointed out that the deficiencies highlighted by this case needed to be addressed.

19. The Ombudsman took the view that the possibility, which was being considered by Frontex, of performing a ‘search by keywords’ was essential to save time and reduce the risk of human error. Thus, the Ombudsman proposed that Frontex ‘take steps to develop, as soon as possible, tools which allow for a smoother identification of documents, such as the tools required to carry out a ‘search by keywords’ within JORA’.

20. In its reply to the Ombudsman’s proposal for a solution, Frontex informed the Ombudsman that it has taken the appropriate measures to develop the necessary features within the JORA application that allow a more thorough search to be performed. Frontex specified that a free text field search was introduced in the application for Incident and Serious Incident Reports (which are the documents requested through applications for access to documents).

Redaction of Serious Incident Reports in a manner which is not consistent with the exceptions set out in Regulation 1049/2001

The Ombudsman's proposal for a solution

21. The Ombudsman reiterated the Ombudsman’s long-standing position that, in view of the objectives pursued by Regulation 1049/2001, in particular, the aim of ensuring the widest possible access to documents held by the EU institutions^[8], any exceptions to this principle have to be interpreted narrowly^[9]. Furthermore, the principle of proportionality requires that exceptions to the general rule, that access must be given, remain within the limits of what is appropriate and necessary for protecting the defined objective public and private interests which are set out in those exceptions^[10].

22. The Ombudsman pointed out that, according to settled case-law, the mere fact that a document concerns an interest protected by an exception to disclosure is not sufficient to justify the application of that exception: such application may be justified only if access to that document could specifically and effectively undermine the protected interest. Moreover, the risk of the protected interest being undermined must not be purely hypothetical and must be reasonably foreseeable[11].

Insufficient explanations for the redactions made

23. The Ombudsman commented on the redactions which Frontex made to the disclosed documents on the basis of the exception to disclosure relating to the need to protect the purpose of investigations[12]. The Ombudsman considered that, with the exception of one document (unnumbered Serious Incident Report dated 24 November 2014[2015][13]), the redactions made to the documents in question were justified and not excessive. Yet, in the Ombudsman’s view, the explanations given by Frontex for the redactions did not always satisfy the requirements imposed by the Court of Justice of the European Union for the exception to apply[14]. Therefore, the Ombudsman proposed that Frontex ‘make a commitment to better explain any redactions/non-disclosure it will make in future on the basis of the third indent of Article 4(2) of Regulation 1049/2001’. It should explain in what way disclosure of a document or of certain redacted parts thereof would specifically and effectively undermine the protection of the purpose of an ongoing investigation. The Ombudsman gave further advice on how such an explanation could be provided.

24. In its reply to the Ombudsman’s proposal for a solution, Frontex stated it had taken careful note of the advice provided. It added that, since the staff dealing with access to documents requests are aware of the applicable case-law, Frontex was confident that they will carefully scrutinize any use of the exceptions listed in Article 4 of Regulation 1049/2001. It stated that a network of case handlers has been set up. The case handlers have received training and further training will take place.

Excessive redactions

25.  The Ombudsman also commented on the redactions which Frontex made to the disclosed documents on the basis of the exception relating to the need to protect public security[15]. She pointed out that this exception is not subject to an ‘overriding public interest’ test and that the Court of Justice of the European Union has recognised the wide discretion enjoyed by the institutions in areas covered by the mandatory exceptions to public access to documents, provided for in Article 4(1)(a) of Regulation No 1049/2001^[16]. 

26. The Ombudsman noted that Frontex is under an obligation to explain how disclosure of the requested documents could specifically and actually undermine the public interest as regards public security and to show that the risk of the interest being undermined is reasonably foreseeable and not purely hypothetical^[17]. To be able to provide this explanation, an individual assessment of each document is to be carried out to determine which parts could undermine public security. Moreover, it is important for Frontex to have a consistent approach.

27. It appeared to the Ombudsman that, although Frontex had given specific and cogent reasons for the redactions made, some Serious Incident Reports had been redacted excessively. In the Ombudsman’s view, this constituted a manifest error of assessment, which she invited Frontex to correct. Therefore, the Ombudsman made a proposal that Frontex ‘reassess the redactions it made to unnumbered Serious Incident Report dated 24 November 2014 [2015], unnumbered Serious Incident Report dated 13 March 2015, Serious Incident Report 15, and Serious Incident Report 361, with a view to granting further partial access to them’.

28. In its reply to the Ombudsman’s proposal, Frontex informed the Ombudsman that it reassessed the redactions it had made to the four Serious Incident Reports mentioned in the preceding paragraph and that it released them fully to the complainant, except for one word which it redacted on the basis of the exception relating to the protection of personal data.

29. On a general note, Frontex expressed its satisfaction with the Ombudsman’s complaints handling procedure and with the way in which the Ombudsman’s staff had engaged proactively with Frontex staff during the inspection/meeting. It stated that the Ombudsman’s findings had been warmly welcomed within Frontex, since they not only helped raise awareness about needed improvements but also constituted valuable advice. It added that the findings should assist Frontex in improving its public access to documents process, increasing internal communication and enhancing transparency.

The Ombudsman's assessment after the proposal for a solution

30. The Ombudsman invited the complainant to comment on Frontex’s reaction to her proposals for a solution. However, he did not avail himself of this opportunity.

31. The Ombudsman welcomes Frontex’s positive reaction to her proposals for a solution and is pleased to note that Frontex has taken action to implement them.

Conclusion

Based on the inquiry, the Ombudsman closes this case with the following conclusion:

A solution has been found.

The complainant and Frontex will be informed of this decision.

 

Emily O'Reilly

European Ombudsman

Strasbourg, 17/11/2017

 

[1] A Serious Incident is defined by Frontex as an event or occurrence, whether it be natural or caused by human action, which may affect, or be relevant to a Frontex mission or its image, or the safety and security of the participants on the mission. It includes violations of Fundamental Rights, EU law, international laws related to access to international protection and the Frontex Code of Conduct. Serious Incident Reports are collected and analysed by a Frontex Situation Centre.

[2] Article 4(1)(b) of Regulation 1049/2001 provides: “1. The institutions shall refuse access to a document where disclosure would undermine the protection of:

...

(b) privacy and the integrity of the individual, in particular in accordance with Community legislation regarding the protection of personal data.”

[3] Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents, OJ 2001 L 145, p. 43.

[4] The third indent of Article 4(2) of Regulation 1049/2001 provides: “2. The institutions shall refuse access to a document where disclosure would undermine the protection of:

...

- the purpose of inspections, investigations and audits, unless there is an overriding public interest in disclosure.”

[5] The first indent of Article 4(1)(a) of Regulation 1049/2001 provides: “1. The institutions shall refuse access to a document where disclosure would undermine the protection of:

(a) the public interest as regards:

- public security,

...”

[6] For further information on the background to the complaint, the parties' arguments and the Ombudsman's inquiry, please refer to the full text of the Ombudsman's proposal for a solution, available at:https://www.ombudsman.europa.eu/cases/solution.faces/en/86210/html.bookmark

[7] When opening the inquiry, the Ombudsman informed Frontex that during the inspection, her inquiry team wished to hear Frontex on the following issues:

“1. How does Frontex carry out its task of identifying the documents which fall under a request for access to documents?

2. In its e-mail of 28 October 2016 to the complainant, Frontex stated “technical issues related to [its] search system” led to the failure to identify a number of documents. What were these technical issues and what has Frontex done to solve them?”

[8] Article 1(a) of Regulation 1049/2001. Regulation 1049/2001 is applicable to Frontex by virtue of Article 74 of Regulation (EU) 2016/1624 of the European Parliament and of the Council of 14 September 2016 on the European Border and Coast Guard and amending Regulation (EU) 2016/399 of the European Parliament and of the Council and repealing Regulation (EC) No 863/2007 of the European Parliament and of the Council, Council Regulation (EC) No 2007/2004 and Council Decision 2005/267/EC, OJ 2016, L 251, p. 1.

[9] Judgment of the Court of Justice of 18 December 2007, Sweden v Commission, C-64/05 P, ECLI:EU:C:2007:802, paragraph 66 and judgment of the Court of Justice of 1 February 2007, Sison v Council, C-266/05 P, ECLI:EU:C:2007:75, paragraph 63.

[10] Judgment of the Court of Justice of 6 December 2001, Council v Hautala, C-353/99 P, ECLI:EU:C:2001:661, paragraph 28.

[11] Judgment of the Court of Justice of 17 October 2013, Council v Access Info Europe, C-280/11 P, ECLI:EU:C:2013:671, paragraph 11.

[12] In accordance with the third indent of Article 4(2) of Regulation 1049/2001.

[13] The  Ombudsman noted that at the end of unnumbered Serious Incident Report dated 24 November 2014 [2015], it was stated that “the Bulgarian Border Police will not continue with further investigations.” The Ombudsman considered that, unless some other body was also carrying out investigations into the incident reported in this Serious Incident Report, Frontex was not entitled to invoke the exception to disclosure envisaged by the third indent of Article 4(2) of Regulation 1049/2001 to refuse disclosure of the redacted parts of this document. Therefore, unless Frontex was able to identify another exception to disclosure that was applicable to this document at the time when it refused disclosure of the redacted parts, it was obliged to grant the complainant full access to it.

[14] See also the Ombudsman’s Draft Recommendation in Case 257/2013/OV, paragraph 41: “... it is not sufficient to state that an investigation was ongoing at the relevant time. It is also necessary to determine whether disclosure of the requested documents would, given their specific content, undermine the purpose of that ongoing investigation.”

[15] In accordance with the first indent of Article 4(1)(a) of Regulation 1049/2001.

[16] See judgment of the General Court of 26 April 2005, Sison v Council, T-110/03, T-150/03 and T-405/03, ECLI:EU:T:2005:143, paragraphs 46 and 47 (upheld on appeal C-266/05 P); and judgment of the Court of Justice of 3 July 2014, Council v in 't Veld, C-350/12 P, ECLI:EU:C:2014:2039, paragraph 63.

[17] See judgment in Council v in 't Veld, C-350/12 P, cited above, ECLI:EU:C:2014:2039, paragraphs 52 and 64.