On 16 February 2023, the German Federal Administrative Court (BVerwG) ruled that the practice of regularly analysing data carriers, including mobile phones, by the Federal Office for Migration and Refugees (BAMF) when registering asylum applicants is illegal (BVerwG 1 C 19.21). The judgement arrives after the Gesellschaft für Freiheitsrechte’s (GFF) efforts to reveal this practice’s details and take legal action against its use in the asylum procedure. In this post, we briefly overview this practice and analyse this judgement and its implications. We argue that although this judgement represents an important victory for asylum seekers’ and refugees’ data protection and privacy, some controversial aspects of this practice still require clarification.
Mobile phone data analysis in the asylum procedure: a controversial practice in European countries
Nowadays, we use mobile phones to connect to our families, friends and communities and express our opinions and emotions. In these small devices, we collect a huge amount of everyday memories, photos and information about us and others. Our smartphone is undoubtedly one of the most intimate and private “digital spaces”. Unsurprisingly then, when Mohammad, recognised as a refugee in Germany in 2015, was asked by the BAMF during a review of his asylum application in 2019 to give out his phone and unlock it, he felt as if he were handing his “whole life over the table”.
The BAMF in Germany has used mobile phone data analysis during the asylum procedure since 2017. Several other European states have been using this practice for a while. According to an EMN study published in 2017 (p. 32), confiscating mobile phones and other data devices to identify a third-country national was standard practice in the Netherlands and Estonia and optional in Croatia, Germany, Lithuania and Norway. Our research shows that this practice was also implemented by the police in the Netherlands, Norway, Denmark and the UK (AFAR Report 2023, p. 50-55). Legislative changes have been made in Belgium, Austria and Switzerland too, but we have yet to find any evidence for its use in these countries. In countries where this practice is possible, smartphones can be seized, extracted and analysed to determine the identity of asylum seekers in asylum and removal decision-making.
This practice was largely unknown until civil society organisations started investigations and took legal action against it. In the UK, a lawsuit filed by Privacy International resulted in a judgement by the High Court of Justice which declared the Government’s blanket policy of search and seizure of mobile phones of migrants illegal under domestic law and the ECHR (see R(HM and MA and KH) v Home Dep, March 2022). In Germany, complaints were filed about the practice in Administrative Courts in Berlin, Hanover, and Stuttgart, as well as with the Federal Data Protection Commissioner by GFF. In June 2021, the Berlin Administrative Court (VG Berlin) upheld the complaint by GFF (VG Berlin, Urteil vom 01.06.2021 – 9 K 135/20 A). The BAMF then appealed to the BVerwG through a so-called “jump appeal”. On 16 February 2023, the Court confirmed that extracting data from asylum seekers’ mobile phones, without considering less intrusive means, is illegal (BVerwG 1 C 19.21 press release). In this post, we analyse the law and the practice behind this case and illustrate the implications of this judgement. We argue that although the judgement represents a significant victory for the rights of asylum seekers and refugees, some aspects of this practice still require further clarification.
Mobile phone data analysis in Germany: the gaps between law and practice
In Germany, this practice is regulated by law. Legislative changes to the Asylum Act (AsylG) and the introduction of the Law on Better Enforcement of the Obligation to Leave the Country in 2017 allowed the BAMF to share data with other authorities and to oblige asylum applicants to hand in their data carrier if they are not able to provide a passport. According to German law (in particular §15a AsylG and §48a AufenthG), analysing mobile phone data is permissible for two purposes: 1) establishing the identity and nationality of the foreigner in asylum procedures (§15a (1) AsylG) or 2) enforcing removal to another country when the foreigner does not possess a valid passport or identity document (§48 (3a) AufenthG).
In such cases, asylum seekers must provide access data to unlock their phones (§48 (3a) AufenthG). Alternatively, the telecommunication provider can be required to provide the data used to protect access to devices (§ 48a (1) AufenthG). Once the phone is unlocked to enable the so-called “read-out” (Auslesen), the device is linked to a computer, which analyses the data and produces a results report (Auswerten). The results report contains information on the country codes of contacts stored on the phone, country codes related to incoming and outgoing calls and messages; languages used in incoming and outgoing messages; country endings of the browsing history; login names and addresses used in applications such as Facebook, and finally, geodata obtained from saved photos and applications (AFAR Report, p. 51).
In light of the intrusive nature of this practice, German law sets some safeguards and conditions for analysing mobile phone data. First and foremost, the principle of necessity, which allows the analysis of data only when their identity or nationality cannot be established by “milder means” (§15a (1) AsylG and §48(3a) AufenthG). Where there is reason to believe that analysing data carriers would provide only insights into the core area of private life, the measure is not permissible (§48(3a) AufenthG). Moreover, the data can be analysed only by employees qualified for holding judicial office (§48(3a) AufenthG).
However, these conditions and safeguards were not respected in the practice of BAMF. First, the measure’s necessity was not assessed ex ante when analysing the data but only ex post before using the report in the asylum procedure. In the case at stake, the applicant, an Afghan national, applied for asylum in Germany without presenting a valid passport or passport substitute. On the 15th of May 2019, she filed a formal asylum application. As proof of identity, she submitted a marriage certificate and a so-called tazkira, a national ID document issued by the Afghan authorities. At this stage, the officers had not considered whether her identification was possible with milder means but asked her to hand over her mobile phone and unlock it. The data in her mobile phone were analysed by a computer, which generated a report. Later, on May 28th, the Federal Officers responsible for deciding on asylum applications requested access to the report. In response to the request, the appointed Federal Officer released it, stating that the data analysis was necessary and proportionate.
Second, under the law, only after the data analysis is assessed as necessary can asylum seekers be obliged to unlock their phones (§48(3a) AufenthG). In practice, however, before data extraction, asylum seekers are obliged to sign a form as requested by the BAMF. On this form, they can tick the refusal box that states, “I am aware that this refusal will regularly lead to the asylum procedure being discontinued, as I am thereby violating my obligation to cooperate in the asylum procedure” (see the form here). Therefore, the form must be signed by the applicant or else his/her application will most likely not be processed. Consequently, the applicant becomes obliged to comply with this process and enter the relevant passwords to unlock their device, even if the measure’s necessity has not been assessed yet.
In this case, after the mobile phone data report was released, the applicant’s asylum claim was rejected. With the aid of GFF, in May 2020, the rejected applicant filed an application to the Administrative Court in Berlin, objecting to the reading and evaluation of her mobile phone data. The gap between law and practice was at the core of the judgements.
The decision of the Federal Administrative Court
On the 1st of June 2021, VG Berlin declared the order to unlock the phone was disproportionate and, therefore, unlawful. The prerequisites of necessity required by §15a AsylG were absent, as the identification of nationality could have been achieved by milder means.
The key issue in judgement was when the BAMF must assess the measure’s necessity. In the Court’s view, the word “analysis” (Auswertung) includes intermediate steps of data collection, storage and generation of the report. In this case, however, while data analysis took place on May 15 during the asylum claim registration, the measure’s necessity was assessed only on May 28, when the Federal Officers in charge of the asylum procedure requested access to the report. Worryingly, collecting, storing and analysing mobile phone data before assessing the necessity of data collection was not an isolated case but a widely implemented practice within BAMF as part of the asylum procedure. As the Court highlights, in the second quarter of 2019, among all the cases where “precautionary” data were analysed, in only 40% of the cases, the officials requested to release the report. The VG Berlin concludes its decision by referring the “fundamental question” of whether the practice of “regularly” analysing data at the time of registration of asylum applications complies with German law directly to the Federal Administrative Court (“jump appeal”).
On the 16th of February 2023, the BVerwG confirmed the judgement in the first instance. The Court ruled that the BAMF’s regular evaluation of mobile phone data during the registration of asylum seekers who lack passports or passport substitute documents, without giving sufficient consideration to other available information and documents, is not lawful. In the plaintiff’s case, more lenient means were available, including the verification of tazkira, marriage certificate, register comparisons, and the possibility of making inquiries to the interpreter about possible linguistic abnormalities. The Court also confirmed that the request to share access data required a proportionality assessment of the measure, which in this case, was absent. Therefore, the BVerwG concluded that the request (as explained above, in practice, a non-refusable request) to unlock a mobile phone during the registration of an asylum seeker and the subsequent data analysis were disproportionate and illegal.
The BAMF’s illegal practice must stop
This judgement of the BVerwG is a clear victory for asylum seekers’ data protection and privacy rights. The BAMF’s illegal practice, which prioritised data accumulation over the right to privacy, must stop. As it emerges from the first judgement, data were collected “by default” since the registration phase. In fact, the statistics from 2019 show that officials requested the data analysis report only in less than half of the cases. More recent statistics show that out of 16,032 analysed data carriers, only 3,128 reports were requested. Following the request, the necessity of the measure was confirmed in 2,066 cases. In other words, in most cases, data analysis was unnecessary. The repercussions of this judgment, beyond the individual case, are stark. The BAMF will not be allowed to force asylum seekers and refugees to unlock their devices and collect their data by default; they will be able to do so only after an individual assessment of necessity.
The decision of the BVerwG is also an important reminder of the crucial role of the proportionality principle in the world of AI, machine learning, and Big Data. The use of new technologies must be 1) necessary and 2) suitable for the purpose it aims to achieve. The case at stake focused, in particular, on the first aspect. The necessity test demands considering first the least intrusive means to achieve the goal, such as, in this case, “the evaluation of submitted documents, the implementation of register comparisons, queries from other authorities or inquiries to the language mediator about language problems” (VG Berlin, VG 9 K 135/20 A). Adhering to this principle will have important consequences in practice. The fact that the BAMF will have to assess ex ante whether data analysis is necessary will sensibly reduce cases of mobile phone data collection, as there will be milder means to confirm an asylum seeker’s identity in most cases.
Also, the second aspect of the proportionality principle should be considered: the suitability test. Suitability is “a rational connection between the measure and the purpose: the measure [that is] assessed must be fit for the achievement of the goals it sets” (Lorenzo Dalla Corte 2022, OUP). This principle, therefore, calls into question whether mobile phone analysis can be a suitable method to identify a person. If not, this measure should not be permissible at all, even when necessary. For example, GFF finds that mobile phone data can be unreliable due to either insufficient data or conflicting data resulting from the use of the device by multiple individuals (see GFF 2020 Report, p. 29). According to the statistics from 2022, the data analysis report provided unusable findings in 67.6% of cases. This is not surprising, as existing research shows that asylum seekers and refugees often share their mobile phones throughout their displacement and migration journey (Gillespie, et al. 2018). The suitability of this method is, therefore, controversial. In the first instance, the VG Berlin found that mobile phone data analysis was a suitable and sufficient method to verify an applicant’s identity and nationality against the claimant’s argument. The Presiding Judge of the BVerwG, though, expressed his concerns in an interview, by acknowledging that a mobile phone does not identify someone’s nationality. In order to analyse the Court’s opinion on this point, we will have to wait for the publication of the full judgement.
Unclarified aspects of the practice
While the BVerwG has clarified that the practice by the BAMF violates the Asylum Act (AsylG), what remains to be seen is whether it complies with EU data protection law. Under the GDPR, data processing should be ‘adequate, relevant and limited to what is necessary’ (Article 5 GDPR). In this case, however, the indiscriminate processing of data stored in mobile phones calls into question the principle of data minimisation. Moreover, under the GDPR, lawful data processing requires a clear legal basis, such as consent or legitimate interest (Article 6 GDPR). Clearly, the form provided by the BAMF does not rely on applicants’ informed consent. As mentioned above, applicants were forced to unlock their devices and have their data processed in light of their duty to cooperate. As reported by GFF, the form that applicants are obliged to sign does not explain what data will be collected, how it will be processed, whether they can object to such processing or which authorities they can lodge a complaint. According to the descriptions given by both the persons concerned and their lawyers, there is also no verbal explanation of what happens with the data (GFF Report).
The lack of information and transparency clearly contrasts with Article 15 of GDPR and affects asylum seekers’ procedural rights. BAMF claims that asylum seekers can explain any contradictions or ambiguities during their interview process. However, asylum seekers are not informed about what data exactly is collected from their phones. Without understanding how the report is generated, asylum seekers cannot answer decision-makers’ related questions, thereby hindering their right to be heard and to challenge the decision. One should also bear in mind that asylum seekers are in a particularly unequal position vis-a-vis the authorities while their claim is being assessed and become obliged to accept authorities’ requests during the application and assessment period. If their claim is rejected, they must leave the country, which leaves them little option to challenge the practice they were subjected to legally. It is, therefore, even more, important for this practice to be transparent and overseen.
To conclude, can the BAMF continue using mobile phone data extraction in asylum decision-making? The answer from the BVerwG is yes, but only where no other milder measures are available. The legal challenge against the BAMF, however, is still ongoing. A decision by the Federal Data Protection Commissioner is still pending and will hopefully take a closer look at the compatibility of German law with the GDPR.
Acknowledgements: This post has been written as part of our work for the Algorithmic Fairness for Asylum Seekers and Refugees (AFAR) project, funded by the Volkswagen Foundation. The AFAR project is a consortium between Hertie School, the University of Copenhagen, the University of Zagreb, the European University Institute and the University of Oxford. We thank our team members, the editors of Verfassungsblog and Lea Beckmann from the Gesellschaft für Freiheitsrechte (GFF), for sharing their insights.