Erfolgreiche Beschwerde[Update] EU-Agentur Frontex soll per Mail antworten

Decision on issues related to how the European Border and Coast Guard Agency (Frontex) communicates with citizens in relation to its access to documents portal (Joined Cases 1261/2020 and 1361/2020) The case concerned primarily Frontex’s decision not to communicate any more by email with individuals who request public access to documents. Frontex obliges requesters to use its online access portal. This causes problems for requesters, that could easily be avoided, as well as for online transparency platforms that civil society organisations have set up to help further the EU’s aim of work ing as openly as possible. The Ombudsman could not find justifications for Frontex’s decision. She issued a recommendation that Frontex should allow requesters to communicate with it by email, without resorting to its current access to documents portal. She additionally ask ed Frontex to inform itself of the best practice that the European Commission has identified in this respect for its new public access portal, and to implement this best practice as soon as possible. The Ombudsman further suggested that Frontex should dedicate the resources that are required for handling the large number of access requests that it is lik ely to receive on a regular basis going forward. She also suggested that Frontex should draw up a detailed manual on how it handles public access requests, and publish that manual. Frontex rejected the Ombudsman’s recommendation to allow requesters to communicate with it by email. Frontex also did not respond substantively to the suggestion that it inform itself of, and implement, the related best practice of the European Commission. The Ombudsman closes the inquiry with a finding of maladministration. With regard to the Ombudsman’s other suggestions, Frontex stated that it had recently assigned an additional half-time post to the handling of requests for public access to documents, and announced that it will draw up a manual as suggested by the Ombudsman. Earlier in the inquiry, Frontex implemented the Ombudsman’s proposals to revise its copyright statement and to mak e documents in its public access accounts available for two years. It also agreed to introduce a dedicated email address for submission of appeals. Brussels                Strasbourg                   Postal address                + 33 (0)3 88 17 23 13 Rue Froissart 87        Havel Building - Allée Spach 1 Av. du Président R. Schuman ombudsman.europa.eu B-1000 Bruxelles        F-67000 Strasbourg           CS 30403 F-67001 Strasbourg Cedex

Background to the complaints 1. In January 2020, Frontex introduced a new system for handling requests for public access to documents 1. The new system requires a requester to log in to an account/space that is created for the request. 2. The complainants in this case were concerned about several aspects of the new system and related practices. They took the view that Frontex’s new portal introduced features that made it a cumbersome and complex process to request documents from it. These features were, in summary, not in line with the requirement s of the EU legislation on public access to documents to ensure the “easiest possible exercise” of the right of access (Article 1(b)), to “promote good administrative practice on access to documents” (Article 1(c)), and to ensure that requests for access to documents “shall be handled promptly” (Articles 7(1) and 8(1)). 3. A core issue was Frontex’s decision to oblige requesters to use its new access portal and not to communicate with them by email any more2. Whilst not arguing that the EU’s public administration is generally obliged to use emails in all administrative procedures that involve citizens, they considered that Frontex’s choice was not in line with the standards applicable here. They drew particular attention to a specific consequence of that choice, which was that the communications and documents that Frontex sends to requesters can no longer be published automatically on online portals that European civil society organisations have created to further the openness of the EU administration 3. This is because their automatic publication technically depends on the communication being done by email. The complainants argued that Fr ontex’s decision is not in line with the European Ombudsman’s finding in case 104/2020/EWM: "Fulfilling requests via online portals is an effective means of complying with [the] obligation [to give the fullest possible effect to the right of access and t ake into account the public interest in the wider disclosure of documents requested] . Where [a requester] has specifically stated that this is their preferred medium for receiving the response to their request and any documents to which public access is granted, institutions 1 Frontex is subject to Regulation (EC) No 1049/2001 on access to documents when handling requests for access to documents held by it, by virtue of Article 114 (1) of the Frontex Regulation, implemented through the Frontex Management Board Decision No 25/2016 of 21 September 2016. (Regulation 1049/2001: Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents, https://eur-lex.europa.eu/legal - content/en/TXT/?uri=CELEX:32001R1049; Frontex Regulation: Regulation (EU) 2019/1896 of the European Parliament and of the Council of 13 Nove mber 2019 on the European Border and Coast Guard and repealing Regulations (EU) No 1052/2013 and (EU) 2016/1624 , https://eur- lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32019R1896; Decision of the Frontex Management Board: https://prd.frontex.europa.eu/wp- content/uploads/mb_decision_25_2016_on_adopting_practical_arrangements_regarding_pad.pdf). 2 Frontex uses email communications only to notify requesters whenever there is new content on the access account. When this happens the requester receives a link to the access account with a hyperlink, and then has to go through a cumbersome process to access the content in question. 3 asktheeu.org: https://www.asktheeu.org/en, established in 2011. For an example of how it works, see: https://www.asktheeu.org/en/request/letters_to_commission_and_counci#outgoing-21623 It is based on a system that is now used in 25 jurisdictions around the world: http://alaveteli.org/deployments/ FragDenStaat, https://fragdenstaat.de, also established in 2011. For an example of how it works, see: https://fragdenstaat.de/anfrage/klimawandel-5/ 2

should comply with that request unless there is very good reason (which should be explained) for them not to do so. This is a matter of good administration as well as a means of complying with the legal obligation to give the widest possible public access." (Paragraph 11 4.5) 4. The complainants also referred to the fact that refusing to communicate with requesters by email is unusual. The EU administration, and notably the original addressees of the EU legislation on public access to documents (Parliament, Council and Commission), communicate with requesters by email. 5. The complainant moreover pointed to the following issues: 1) When Frontex disclosed documents, it referred systematically to ‘copyright’ and stated that it prohibited the requester from making the documents available to third parties without its authorisation.6 2) Frontex blocked access to the account created for requests 15 days after it had sent its initial reply. 6. The complainants expressed concerns as to whether Frontex had intentionally introduced practices that compromise the exercise of the fundamental right of public access to documents. How Frontex communicates with citizens in relation to its access to documents portal The Ombudsman's proposal for a solution 7. In her solution proposal of May 2021, the Ombudsman made the following findings regarding the main issue, that is, Frontex’s decision not to communicate any more by email (emphasis added): “[Frontex’s] new public access portal appears not to provide for the option of receiving Frontex’s reply and documents directly by email. In addition to constituting a new hurdle for individuals, this reduces the seamless technical communication with some online transparency platforms operating in Europe.” 4 https://www.ombudsman.europa.eu/en/decision/en/124793 5 To see how Frontex’s practice results in a message that asks the requester to log on to the access account, as opposed to providing the document as such (“New information regarding your [request] is available under this link”), see: https://www.asktheeu.org/en/request/correspondence_between_frontex_r#incoming-36989 To see how staff at a transparency site have had to upload the documents manually that Frontex made available in the access account only, see: https://fragdenstaat.de/anfrage/frontex-social-media-guidelines/#nachricht-574618 6 On the issue of copyright, Frontex’s internal decision regarding public access to documents merely provides that “This Decision is without prejudice to any existing rules on copyright which may limit a third party’s right to reproduce or exploit disclosed documents” (Article 16). In its replies to citizens requesting public access, it systematically included this message: “Kindly be reminded that the copyright of the document/s rests with Frontex and making this/these work/s, available to third parties in this or another form without prior authorisation of Frontex is prohibited.” 3

“Frontex should, when it receives requests for public access to documents through civil society platforms or when it is otherwise the express wish of [a requester], send its replies by e-mail and not through its public access portal. This means that the actual reply to a request for access to documents or to a confirmatory request - and not only a notification to access Frontex’s public access portal - should be sent to [a requester] by e-mail, unless there is a very good reason (which should be explained) for Frontex not to do so.” 8. In addition to this, the Ombudsman proposed that Frontex should no longer use the copyright statement it was then using, and that it should ensure that documents in its public access accounts are available for at least two years. The Ombudsman moreover noted the following possibility for improvement: Frontex could, in its replies, indicate a dedicated email address through which requesters can submit appeals against non- disclosure (‘confirmatory application’). 9. Frontex implemented the Ombudsman’s proposals to revise its copyright statement 7 and to make documents in its public access accounts available for two years. It also agreed to introduce a dedicated email address for submission of appeals. 10. Frontex continues, however, not to communicate substantively with requesters by email. It uses emails merely as a means of drawing requesters’ attention to new content on the access portal, which they then have to log in to. 11. Frontex suggested, in summary, that it would have problems managing public access requests (processing, deadlines...) if it had to send its replies and disclose documents by email. 12. In response to the Ombudsman’s observation that other EU institutions appear to work differently, it described its new system as being a “bespoke solution” that helps to “achieve administrative fairness for both [requesters] and Frontex”. The Ombudsman’s recommendation 13. The Ombudsman welcomed Frontex’s implementation 8 of her proposals referred to in paragraphs 8 and 9 above. 14. The Ombudsman expressed regret that Frontex did not implement her proposal that Frontex should - when expressly or implicitly asked - communicate substantively and directly with requesters by email, that is send requesters its content-messages and documents by email. 15. The Ombudsman did not obtain convincing explanations for this choice. On the contrary, the Ombudsman was most concerned about the vagueness of Frontex’s response. 7 The copyright notice, which the Ombudsman has accepted, now reads as follo ws: “Subject to any intellectual property rights of third parties, the document/s may be reused provided that the source is acknowledged and that the original meaning or message of the document/s is not distorted. Frontex is not liable for any consequence resulting from the reuse of this/these document/s.” 8 This was not mentioned as such in Frontex’s reply to the solution proposal, but came about following subsequent exchanges with the Ombudsman’s inquiry team. 4

16. The Ombudsman is aware that Frontex receives many requests for access to documents, and that some requests concern many documents. 17. Intense interest in Frontex’s work is, however, inherent to the nature of its core activities. Frontex is directly involved in highly sensitive activities that impact on the fundamental rights of people who are often in precarious situations. It is to be expected that Frontex will receive many requests for public access to its documents. It is for Frontex to dedicate the necessary resources to meet this task. 18. The EU legislation on public access to documents is an instrument with democratic objectives, introduced on the conviction that openness helps the public administration to “enjoy greater legitimacy and is more effective and more accountable to the citizen in a democratic system”9. It imposes on the EU administration the obligation to grant the widest possible public access to its documents and to do so in accordance with principles of good administration, for instance by providing the most ser vice-minded environment possible. 19. When EU institutions take measures to implement their obligations under the EU legislation on public access, an important starting point are the best practices that are already being implemented across the EU administration 10. 20. The complainants in this case have rightly pointed out that a decision not to communicate any more with requesters by email does not reflect a general or best practice in the EU administration. 21. Over the years, the EU institutions have taken both administrative and technical measures to enable the smoothest possible communication with the online platforms referred to above. In particular the three main institutions follow a clear policy of making it possible for those platforms to function properly. They have accepted that, by doing so, any member of the public can follow their processing of access requests online. 22. Emails remain one of the most important electronic communication tools. Frontex has taken a decision of major importance by deciding not to communicate with requesters by email any more. It did so while being aware of the negative consequences that this would have for the citizens who use the above-mentioned platforms. 23. In light of the above considerations, the Ombudsman concluded that it is maladministration by Frontex not to offer individuals the possibility of communicating with it by email in relation to their requests for public access to documents . The Ombudsman therefore issued this recommendation: 9 Recital 2. 10 Article 15 of the regulation: “Administrative practice in the institutions 1. The institutions shall develop good administrative practices in order to facilitate the exercise of the right of access guaranteed by this Regulation. 2. The institutions shall establish an interinstitutional committee to examine best practice, address possible conflicts and discuss future developments on public access to documents.” 5

Frontex should ensure seamless technical communication with [requesters] for public access to documents, allowing them to communicate with it by email in full and without resorting to its current access to documents portal. In examining this recommendation, Frontex should inform itself of the best practices that the European Commission has identified in its current project to introduce a public access portal11, and implement such best practices as soon as possible. In addition, the Ombudsman made the following suggestions for improv ement: Frontex should dedicate the resources that are needed for handling the predictably large number of access requests that it is likely to receive on a regular basis going forward. Frontex should draw up a detailed manual on how it handles public acc ess requests, and publish that manual. Frontex’s opinion on the Ombudsman’s recommendation 24. In its opinion on this case12, Frontex rejected the Ombudsman’s recommendation to allow requesters to communicate with it by email. Frontex moreover did not commit to, or substantively comment on, the recommendation to follow the recent example of the European Commission to give citizens the choice of submitting their requests by email as well as through an account on its new online portal. 25. Frontex made a number of observations. 26. It stated that emails are no longer “a main common means of communication”. 27. It repeated its view that it cannot be obliged to take measures to enable automatic uploading of its replies on external platforms, such as the established platforms referred to in this inquiry. 28. It suggested that its current way of handling access request s help, in particular, to ensure equal treatment of requesters. 29. It reiterated that it would face serious administrate difficulties managing requests for access to documents if it were to communicate with requesters by email. 30. It stated that it would remove the requirement of using a captcha for requesters to log in to an existing account of their public access request. This would potentially enable automatic transfers of its answers to online platforms. It will nonetheless maintain the 11 The Commission’s portal was launched after the Ombudsman had issued her recommendation to Frontex: https://ec.europa.eu/transparency/documents-request/home 12 Frontex’s opinion is published on the Ombudsman’s website: https://www.ombudsman.europa.eu/en/doc/correspondence/en/1 64109 6

captcha requirement for the initial creation of such accounts. This, however, will be made disability friendly. 31. It will collaborate with other EU institutions to improve, on a continuous basis, its handling of requests for public access to documents. (It did not mention how.) 32. With regard to the dedication of resources to the handling of requests for public access to documents, it recently assigned an additional half time post to its Transparency Office. 33. Finally, it will draw up a manual on its handling of requests for public access to documents, and publish it on its website. The Ombudsman's assessment after the recommendation 34. The Ombudsman considers it most regrettable that Frontex has decided to reject her recommendation. Frontex has not put forward new arguments in its opinion on the recommendation. The Ombudsman will therefore close this inquiry with a finding of maladministration. 35. The are several reasons why Frontex’s decision to reject the recommendation is regrettable and disconcerting. 36. In the first place, the Ombudsman cannot see that sufficient consideration has been given to the particular objectives and obligations here concerned. Unlike other administrative procedures that by their nature are somewhat lengthy and involve persons who act in a professional capacity, the fundamental right of access to documents is one that must be possible to exercise in the easiest and, if that is the requester’s preference, most transparent manner possible. Related administrative and technical features must respect principles of good administration and the requirements of the EU legislation on public access to ensure the “easiest possible exercise” of the right of access (Article 1(b)), to “promote good administrative practice on access to documents” (Article 1(c)), and to ensure that requests for access to documents “shall be handled promptly” (Articles 7(1) and 8(1)). 37. The Ombudsman concluded that Frontex’s decision not to communicate any more by email with individuals who exercise this fundamental right was not in line with those principles and requirements. 38. Frontex’s continuing refusal to allow individuals - when they so request - to communicate with it by email for the purpose of requesting access to documents is not based on credible administrative-technical arguments. It should for instance be entirely possible to handle access requests efficiently whilst agreeing to exchange all correspondence and documents by email. The Ombudsman explained this already13. Frontex responded in general term only. 39. Frontex continues not to recognise that the use of its online portal is characterised by unnecessarily complex technical features. As pointed out in the annex to the 13 Cf. Annex, paragraph 2, of the Ombudsman’s recommendation https://www.ombudsman.europa.eu/en/recommendation/en/157393 7

Ombudsman’s recommendation, the log-in requirements for users of the Frontex portal seem excessive. In its opinion, Frontex said that it will now remove the ‘captcha’ requirement for “existing” access to documents cases, but appears to intend to continue to include a captcha requirement “on the landing page for first time [requesters]”. Whilst this may allow for better technical communication with some online platforms 14, the requirements (initial captcha, ‘token’, email and ‘case ID’) remain unnecessarily complex. After all, users normally log on with a username and a password to access public websites that contain far more sensitive information than what, logically, Frontex’s portal on public access to documents will contain.15 40. Frontex’s opinion suggests that Frontex does not give much weight to the best practices of other institutions despite such common best practice efforts being foreseen in the EU legislation on public access 16. Frontex did not respond to the Ombudsman’s suggestion that it inform itself of, and implement, the related best practice of the European Commission. It merely replied that it will continue collaborating with other EU institutions (what this means in practice is unclear). In its new access to documents portal, the Commission allows citizens to communicate with it by email for the purpose of requesting access to documents 17. It would have been appropriate for Frontex to look into this choice and to address it in its opinion. 41. Frontex’s opinion, similar to its previous replies, does not give the impression that Frontex has genuinely internalised the EU’s recognition of the importance of civil society for the Union’s democratic culture and governance 18. It does not seem to attach importance to the fact that the functioning of its portal had severe negative consequences for the functioning of well-established online platforms set up by civil society, platforms that Frontex was familiar with before setting up its portal. This is different from the approach of, for instance, the European Commission, which has for many years accepted and engaged well with such platforms. 42. In the Ombudsman’s experience, citizens are ready to understand that EU institutions and bodies occasionally have hesitations about disclosing a certain document. A regular dialogue between citizens and public authorities in this regard is normal and likely to continue. However, in addition to the proper and sincere handling of individual access requests, it is good administration to ensure that the public generally does not have reason to hold the impression - be it rightly or wrongly - that active measures are being taken to work against the objectives of the EU legislation on public access to ensure “the easiest possible exercise” of the right of access to documents and “to promote good administrative practice on access to documents.”19 The Ombudsman regrets that, in light of this inquiry, she 14 The complainant FragDenStaat (1261/2020/PB) informe d the Ombudsman that, without the captcha, it would possibly be feasible to reconfigure their software to provide for automated com munication. 15 Frontex’s portal does not reflect findings or guidelines previously issued by the Ombudsman, and moreover appears not to have been preceded by discussions with experienced users. 16 Article 15 of Regulation 1049/2001 (see footnote 10 above). 17 https://ec.europa.eu/transparency/documents-request/guidance#how_can_i_submit_request 18 “The institutions shall maintain an open, transparent and regular dialogue with representative associations and civil society.” (Article 11(2) of the Treaty on the European Union), and “Civil society is a key component of Europe’s fundamental rights architecture. (...) it contributes to a healthy rule of law culture”, EUROPE’S CIVIL SOCIETY: STILL UNDER PRESSURE ― UPDATE 2022, the EU’s Fundamental Rights Agency: https://fra.europa.eu/sites/default/files/fra_uploads/fra -2022-protecting-civic-space_en.pdf 19 “Article 1 8

is not in a position to rebut as unreasonable such an impression in relation to Frontex’s access to documents portal. Conclusion Based on the inquiry, the Ombudsman closes this case with the following conclusion: Frontex’s decision not to offer individuals the possibility of communicating with it by email in relation to their requests for public access to documents is maladministration. The complainants and Frontex will be informed of this decision. Emily O'Reilly European Ombudsman Strasbourg, 15/12/2022 Purpose The purpose of this Regulation is: (a) to define the principles, conditions and limits on grounds of public or private interest governing the right of access to European Parliament, Council and Commission (hereinafter referred to as "the institutions") documents provided for in Article 255 of the EC Treaty in such a way as to ensure the widest possible access to documents, (b) to establish rules ensuring the easiest possible exercise of this right, and (c) to promote good administrative practice on access to documents.“ 9