Migration management: data protection is one of the last lines of defence for vulnerable individuals

The EDPS published on 28 May 2025 an Opinion on the Proposal for a Regulation establishing a common system for the return of third-country nationals staying illegally in the EU.

The objective of the Proposal is to ensure the effective return and re-admission of third-country nationals illegally staying in the EU by providing Member States with simplified and common rules.

In light of the impact of the proposal on concerned individuals’ fundamental rights, including on their rights to privacy and to the protection of personal data, the EDPS considers that an in-depth fundamental rights impact assessment should be carried out to better identify and mitigate potential risks.

The EDPS also makes several specific recommendations, related to:

• the right to information given to individuals regarding the reasons for return decisions;
• the alignment of the proposal with the applicable EU legislation on data protection and  other legal acts linked to the Pact on Migration and Asylum; and
• the safeguards in case of transfers to third countries of personal data of concerned individuals.

Wojciech Wiewiórowski, EDPS, said: “The EDPS acknowledges the need for a more effective enforcement of existing EU and EU Member States’ laws in the areas of migration and asylum. At the same time, data protection – as fundamental right listed in the Charter - is one of the last lines of defence for vulnerable individuals, such as migrants and asylum seekers approaching EU external borders. Therefore, the proposed EU-wide approach must be based on full respect for fundamental rights, including the rights to data protection and privacy.”

The advice in the EDPS Opinion is specific and clear. In particular, the EDPS recommends to outline specifically the legal possibility to limit the disclosure of information about the reasons in fact justifying a return decision. Such limitations should be applied only in exceptional cases, where it is strictly necessary, such as where disclosure would be contrary to the interest of State security. The EDPS also underlines the importance of ensuring that third-country nationals subject to a return procedure receive information about their rights as data subjects. In line with already adopted legal acts in the area of migration and asylum, the EDPS recommends making explicit reference to the rights conferred by the applicable EU data protection law.

The EDPS also highlights the need for additional safeguards in case of transfers of personal data relating to criminal convictions of third-country nationals. These transfers should be subject to a strict necessity test and must not lead to handing down or executing a death penalty, or any form of cruel and inhuman treatment. Furthermore, the EDPS recommends further specifying the conditions under which the personal data of children may be transferred to the third country of return, after a thorough assessment that the transfer is in the minors’ best interest and will not endanger their well-being.