COMPLAINTS:  1261/2020/MAS and 1361/2020/MAS

Case title: How the European Border and Coast Guard Agency (Frontex) deals with requests for public access to documents

Date: Thursday, 05 November 2020

Location: Remote meeting via Webex

Present

European Border and Coast Guard Agency (Frontex)

Head of Inspection and Control Office

Senior Legal Officer

Publications and Production Team Leader

Senior Assistant Legal Officer

Assistant Legal Officer

SharePoint Developer and Administrator

Applications Specialist

Legal Trainee

ICO Project Support Officer

European Ombudsman

Mr Spoerer Markus, Inquiries Officer

Mr Bonnor Peter, Principal Legal Officer

Inquiries Trainee

 

Purpose of the meeting

The meeting was part of a joint inquiry into two complaints on how Frontex deals with requests for public access to documents and more specifically into Frontex’s portal for public access to documents (‘the portal’).

The purpose of the meeting was to discuss the issues raised by the complainants, in particular: i) the fact that Frontex exclusively replies to requests for access to documents through the portal and not by e-mail or via external portals if requested; ii) the fact that documents disclosed through the portal are accessible only for 15 working days following their disclosure; iii) the lack of a possibility to further communicate with Frontex via its portal after this period; iv) the fact that all disclosed documents contain a copyright disclaimer; v) the way that Frontex requests clarifications from applicants; and, vi) potential issues opening annexes sent via Frontex’s portal.

The meeting also served to clarify an issue raised in complaint 948/2020/MIG, namely the fact that Frontex does not provide for the possibility of securely uploading copies of ID cards into their system. The meeting was moreover an occasion to follow up on a suggestion for improvement that the European Ombudsman made in her decision in case 104/2020/EWM.

Introduction and procedural information

The meeting took place remotely via Webex on 5 November 2020 from 11:00h to 14:15h.

The European Ombudsman’s inquiry team thanked Frontex’s representatives for attending the meeting. All participants were briefly introduced. The European Ombudsman’s inquiry team outlined the legal framework applicable to meetings and inspections held by the European Ombudsman.

The European Ombudsman’s inquiry team explained that a report on the meeting would be drawn up and that Frontex would have the opportunity to review the report before it would be sent to the complainants for comments. The European Ombudsman’s inquiry team informed the Frontex representatives that they should signal any confidential information disclosed during the meeting and that such information would not be shared with the complainant without prior agreement of Frontex.

Information exchanged

1. Background and creation process of the portal

a. Reasons for the development

The Frontex representatives informed the European Ombudsman’s inquiry team that Frontex’s  decision to create the portal and its underlying tool arose from the proposal for a solution of the European Ombudsman in case 1616/2016/MDC, which identified some organisational and technical shortcomings in Frontex’s dealing with requests for public access to documents. The European Ombudsman had proposed to Frontex to take steps to develop tools which allow for a smoother identification of documents in the context of requests for public access to documents. In addition, Frontex has experienced an increasing number of requests, and therefore handling applications with the aid of a dedicated system was seen to be necessary, because the mailbox was not considered to be sufficient to accommodate voluminous sets of documents, track deadlines and monitor complex cases. The Frontex representatives recalled that the European Ombudsman, in the context of case 1616/2016/MDC, had encouraged Frontex to develop an IT tool to improve its overall processing of applications for public access to documents. The Frontex representatives further explained that personal data of Frontex staff, which was accidentally released in communications with applicants^[1] is still visible on AskTheEU despite Frontex requests to its operator to remove it. Frontex therefore considered it necessary to optimise the internal procedure.

The Frontex representatives stressed that online portals such as FragDenStaat and AskTheEU were  not able to handle numerous or bulky attachments in the past.^[2] They recalled that these online portals state on correspondence that bulky e-mails should be uploaded separately.

b. Yearly number of applications for public access

In the past years, the number and complexity of applications has significantly increased. In 2018, Frontex has received 152 applications for public access to documents, 255 applications in 2019 and around 220 until 5 November 2020.

Detailed statistics on public access to documents are included in an annex to Frontex’s Annual Activity Report, which is adopted as a Management Board decision for the preceding year and includes the statistics as well as further information regarding public access to documents as required by Regulation (EC) No 1049/2001.^[3] While the main body of the report is available in all EU languages on Frontex’s website, the annexes are not published in all EU languages. Frontex stated that it will consider modifying its practice by including statistical information on public access to documents in all published reports.

c. Development process of the portal/tool

Frontex initiated the process to develop the new portal/tool in 2018. After consulting several EU bodies and its own Legal and Procurement Unit (LPU), Frontex decided to develop a system similar to that of the European Medicines Agency (EMA).

Project development meetings took place from March 2019 until September 2019 and involved IT and technical experts, LPU and Frontex’s Media and Public Relations Office (MPR). The Project board, formed by the Deputy Executive Director, the Head of the Budget, Financial and Corporate Services Unit (BFCS), Information and Communication Technology Unit (ICT), and the MPR, supervised the adoption and implementation. The portal/tool became operational on 15 January 2020.

Frontex did not implement the project on the basis of a fixed and detailed set of functional and technical specifications (copies of which could therefore not be provided), but instead applied a step-by-step approach (in summary, ‘agile project management’). Frontex could nonetheless send the European Ombudsman’s inquiry team a number of decision-making documents related to that process, if so required.

The Frontex representatives further explained that there was a test run during the implementation phase which was based on mock requests for access to documents and that it conducted several user acceptance sessions.

d. Stakeholder consultation

When asked whether Frontex conducted stakeholder consultations before or during the development of the portal/tool, the Frontex representatives stated that Frontex had conducted an internal stakeholder consultation, involving the members of the services that would later work with the portal and of the Project Board. Frontex did not consult the general public. It found that, bearing in mind all requirements of Regulation (EC) No 1049/2001, setting up the portal was a purely administrative issue and an internal decision of the Agency.

2. Functionalities and operation of the portal

The portal/tool is designed to be user-friendly, including making numerous and/or bulky attachments immediately available, to minimise the risk of human error and to ensure that personal data of staff is not released. In particular, the portal/tool introduces a number of organisational improvements. Inter alia, it allows access to the registration history, monitoring of deadlines and includes a better search tool. It is based on and integrated into Frontex’s existing IT infrastructure.

Applications are automatically registered in the tool/portal. Whenever a new document or message is uploaded by Frontex, a link which allows access to the portal is sent to the applicant by e-mail. Applicants can contact Frontex directly through the portal, while their request is active.

The system automatically informs case handlers about new applications for access to documents. Once applicants have sent a copy of their ID card or other forms of identification by e-mail, internal and external deadlines start to run and can be monitored via the system.

The Frontex representatives gave a live demonstration showing step-by-step how applications for public access to documents are received and handled.

Frontex organises on a regular basis in-house training sessions on public access to documents. In addition, case handlers have the opportunity to receive external training organised by the European Commission. Moreover, the system itself allows direct access to a data base of the public case law and to the European Ombudsman’s published decisions related to public access to documents.

3. Issues raised by the complainants

a. Exclusive use of the portal/restriction of the possibility to submit and to receive documents by e-mail

Frontex considers it sufficient that applicants receive an e-mail notification containing all log-in information to the e-mail address indicated in the communication whenever a new notification is available for them, from which they can log on and access the document in question. If technical issues arise on the applicant’s side, it is up to the applicant to address these issues. Past issues that the complainant’s organisation (FragDenStaat) had in accessing Frontex’s replies via its portal seem to have been addressed, and FragDenStaat users can now access Frontex’s portal by using the e-mail addresses assigned to them by FragDenStaat, which are one element of the log-in information and which are also always made available again in the e-mail notification sent by Frontex.

Frontex stated that it received applications via online portals such as FragDenStaat and AskTheEU in the form of emails, the footers of which stated the following in English or German: “Please reply to [email address assigned by online portal]”. In addition, the emails indicated that large files  should be uploaded in a system which is set up outside the respective online portal.

The Frontex representatives pointed to the advantages of the portal for applicants, including the fact that applicants see all of their communication with Frontex in one place. In addition, the portal allows for bulky and large numbers of documents to be submitted easily.

An advantage on Frontex’s side is that Frontex can control with whom documents are shared, which helps to prevent the dissemination of personal data accidentally included in the correspondence.

The Frontex representatives explained that Frontex is generally flexible when handling  applications for public access to documents and that it assists the applicants as much as possible, including by telephone (inter alia with one of the complainants). In the past, Frontex has, for instance, organised a meeting via Skype in relation to a complex request from a researcher, or provided a CD and USB keys with audio-visual content by ordinary mail. Frontex considers that its handling of applications is in line with the Code of Good Administrative Behaviour and the requirements of Regulation (EC) No 1049/2001, including Article 10(1) of Regulation (EC) No 1049/2001, which refers to the preferred medium of the documents, as opposed to the view expressed by one complainant.

b. Possibility for applicants to submit documents (such as copies of ID cards) 

The Frontex representatives confirmed that there is no possibility to upload documents (such as a copy of an ID card or other means of identification when requested by Frontex) directly in the portal. For that reason, Frontex asks that copies of ID cards or other means of identification are submitted by e-mail. The submitted documents are instantly deleted upon verification of the applicant’s eligibility. For IT security reasons, Frontex cannot accept submission of such copies via third-party websites and storage systems.

c. Long-term accessibility of documents and correspondence received through the portal

Replies to registered applications are sent via the portal and the applicant is granted access to the portal for 15 working days. Afterwards, the application is closed automatically, based on the deadlines set out in Regulation (EC) No 1049/2001 and access is no longer possible. Before the closure, applicants can download the documents directly. They can also save conversations by using the print screen function.  The screenshots provided by the complainants to the European Ombudsman were produced this way.

The automatic closure allows Frontex to keep track of the deadlines.  

Frontex can re-open applications at the applicant’s request to allow access at a later stage, where needed, and has done so in the past, including with the complainants.

Frontex intends to systematically publish on its Public Access to Documents Registry all the documents to which it grants access. This is without prejudice to the development of Frontex’s Register of Documents.

d. Communication after a case is closed and confirmatory applications

Once the public access to documents procedure is closed, the applicant can still contact Frontex via the contact form on Frontex’s website on public access to documents. This form should also be used for confirmatory applications. The Frontex representatives confirmed that, further to the legal remedies, applicants are informed that “You can submit your confirmatory application by post or electronically.” Frontex considers that it does not limit the applicant’s choice of medium to submit an application in writing at both the initial and the confirmatory stages. Requests pertaining to applications can be sent through the other communication channels indicated on Frontex’s website.

Frontex noted that the public access to documents application PAD-2020-00084^[4] submitted through FragDenStaat, which gave rise to the complaint, had been closed on 7 July 2020, when the reply, including documents, was  sent to the applicant. Like in similar cases mentioned above, Frontex re-opened also this case and re-sent the access information on 21 December 2020. Frontex considers that this demonstrated that the communication between FragDenStaat and the Frontex portal is possible.

e. Copyright of Frontex documents and the use of a copyright mark

Frontex claims copyright over all documents it produces and to which it provides public access.  This copyright disclaimer protects visual identity elements, such as the Frontex logo. In addition, the copyright is meant to prevent distortions or misuse of the content of documents to which public access is granted.

The disclaimer is included directly in the body of a reply granting access to documents. The applicants can use the documents only in accordance with the principle of fair use.  Frontex allows use of their documents to researchers, but requires that the applicant includes a copyright mark.

Frontex has the understanding that its copyright rules are similar to those of, for instance, the European Commission.

Frontex has not enforced this copyright so far. Regarding the complainants’ reference to Directive (EU) 2019/1024, the Frontex representatives  stressed that Directives are addressed to Member States only as stated in its Article 21.

Frontex conducted a comparison of best practices regarding copyright policy in general of EU Institutions on the use of copyright disclaimers when drawing up its own policy.

The Frontex representatives said that they would provide the European Ombudsman’s inquiry team with a copy of the documentation concerning Frontex’s copyright policy, as well as a copy of a letter including a copyright disclaimer.

 f. Potential issues opening documents sent via the Frontex portal for public access to documents

The Frontex representatives informed the European Ombudsman’s inquiry team where in the portal annexes are available for immediate download. They are not aware of any general related technical problems and stated that they have immediately followed-up on alleged issues, all of which turned out to be unsubstantiated. The Frontex representatives demonstrated how documents can be directly downloaded from the portal.

g. Type of clarifications Frontex requests from applicants for public access to documents

The Frontex representatives explained that they asked for clarifications when requests are very broad or vague. They referred to the necessity of doing so in light of Frontex’s ability to ascertain which documents are requested. The Frontex representatives stated that for this reason, applications have to be sufficiently precise “to enable the institutions to identify the documents” as laid down in Article 6(1) of Regulation (EC) No 1049/2001. In order to be able to retrieve the documents in such cases, Frontex obtains further specifics, for example by using other means of communication , and/or seeks to reach a fair solution with the applicant within the meaning of Article 6(3) of Regulation (EC) No 1049/2001 as elaborated in the jurisprudence of the European Court of Justice. This enabled Frontex to meet its deadlines in 100% of the cases, despite the challenging working conditions imposed, inter alia, by Covid-19.

4. Follow-up to the European Ombudsman’s decision in case 104/2020/EWM on Frontex refusal to deal with a request for public access to documents based on procedural grounds

The Frontex representatives explained that applications submitted through online portals (such as AskTheEU and FragDenStaat) reach Frontex as emails, containing an email address in the “From:” field which is repeated in the footer of these mails. Frontex sends the link through  its portal to the e-mail address provided by the respective online portal. To access Frontex’s portal, the complainants need their own e-mail address and a token, which is provided by Frontex. It appears that the online portals in question automatically remove all e-mail addresses from Frontex’s reply, including the e-mail address assigned to the complainants by the portal and repeated by Frontex in its e-mail link.

The Frontex representatives explained that this issue, which Frontex considers to be beyond its sphere of influence, has now been resolved, because users of the online portals in question have been able to access their replies via the Frontex portal in the recent past and also submitted new applications through the online portals directly to Frontex’s portal.  Frontex considers that its portal is fully compatible to handle requests sent through the online portals and it  complies with the European Ombudsman’s decision in case 104/2020/EWM as it accepts applications in “any written form“ as required by Article 6(1) Regulation (EC) No 1049/2001 and replies to applicants to the e-mail address they provided or from which they initiate communication.

The Frontex representatives clarified that they consider that Frontex cannot be held responsible for technical shortcomings of online portals.

5. Awareness of current practices and future plans in other institutions

The European Ombudsman’s inquiry team reported about the European Commission’s plan to create a dedicated portal for public access to documents applications. They set out their understanding of the Commission’s view on whether or not the use of a portal can be made mandatory under Regulation (EC) No 1049/2001.

The Frontex representatives reiterated that Frontex accepts applications submitted by e-mail or by post. Frontex replies to applications sent by e-mail via its portal and sends the login data and the direct link by e-mail including all log-in data. The Frontex representatives also referred to the practice of some EU institutions, which solely accept their own gateway for any communication regarding public access to documents, whereas Frontex accepts written communication received through the platform as well as by email and regular mail. Other entities send replies – especially to confirmatory applications - in the form of registered letters indifferent of the means through which an application has been received. Frontex recalled that it accepts any written communication including to its email addresses and postal mail and uses the same medium to reply as the applicant used. The Frontex representatives considered that, by doing so, Frontex implements Ombudsman decisions 104/2020/EWM and also takes into consideration decision 682/2014/JF.

6. Further topics raised by the complainants in the main and supplementary complaints

Before concluding the meeting, the Frontex representatives addressed further issues brought forward by the complainants, including the submission of confirmatory applications for cases that were closed months ago and thus outside the statutory deadlines of Regulation (EC) No 1049/2001. Furthermore, one of the complainants made an appeal to the European Ombudsman regarding an initial application the reply to which had also been sent months ago and had not been contested through a confirmatory application by the applicant.  The Frontex representatives highlighted that it does not collect any log-in information of applicants using the Frontex portal. Finally, the Frontex representatives explained that Frontex would have followed up on the issues raised by  anonymous sources mentioned by the complainants, if they had approached Frontex.

7. Documents provided to the European Ombudsman’s inquiry team

In the context of the meeting and shortly thereafter, Frontex provided the European Ombudsman’s inquiry team with the following documents:

• Annual reports including annexes with statistics on public access to documents for the years 2010 to 2019
• Statistics sheet on public access to documents
• Examples of communication with applicants
• Project documentation prepared for the Project Board
• Frontex copyright policy
• Power Point presentation prepared for the joint inquiry meeting

Conclusion of the meeting

The European Ombudsman’s inquiry team thanked the Frontex representatives for their time and the explanations provided, as well as for the documents provided during the course of the meeting.

Brussels, 28 January 2021

Markus Spoerer                                                                              Peter Bonnor

Inquiries Officer                                                                             Principal Legal Officer

 

[1] For example in case: https://www.asktheeu.org/en/request/evaluation_of_frontex_drone_oper  and in case https://www.asktheeu.org/en/request/procedure_of_readmisson

[2] For example in case CMS-2019-00006-0578 sent to a “@Fragdenstaat.de” email address on 6 August 2019 and in case CMS-2018-00008-0240, where an applicant asked that a zip file be shared with her not to an  “@asktheeu.org” email address where the documents had been sent initially but through “WeTransfer”.

[3] See Management Board Decision 14/2020 of 29 June 2020 adopting the annual activity report 2019 and its assessment (2020): https://frontex.europa.eu/assets/Key_Documents/MB_Decision/2020/MB_Decision_14_2020_adopting_the_Annual_Activity_Report_2019_and_its_assessment.pdf; Management Board Decision 12/2019 adopting the annual activity report 2018 and its assessment (2019): https://frontex.europa.eu/assets/Key_Documents/MB_Decision/2019/MB_Decision_12_2019_adopting_the_annual_activity_report_2018_and_its_assessment.pdf.

[4] https://fragdenstaat.de/anfrage/operational-plans-for-joint-operation-poseidon-2018-and-2019/, see also PAD-2020-00193,  https://fragdenstaat.de/anfrage/internal-inquiry-into-human-rights-violations-committed-by-frontex/ Frontex noted with concern that in these cases Frontex’s reply letters were made public by one of the complainants. These contained personal data of a Frontex staff member.