The EU must stop the digitalisation of the deportation regime and withdraw the new Return Regulation

On March 11, 2025, the European Commission published a new legislative proposal for a ‘Return Regulation’ which is set to expand the detention and deportation of migrant people, including children, in the EU (hereinafter referred to as Deportation Regulation).

The Deportation Regulation constitutes yet another offensive against migrants, reinforcing their criminalisation, contributing to far-right and security-oriented narratives and applying a punitive approach to all persons in an irregular situation and others who can be targeted with deportation. The proposal further expands the digital surveillance infrastructure underpinning the EU’s draconian data-driven policies in the areas of migration and policing. It builds on existing legislation that already allows for the indiscriminate use of harmful technologies, such as the EU Artificial Intelligence Act and the Pact on Migration and Asylum. 

The proposed regulation aims to increase deportation rates without addressing the complex factors that lead to people being threatened with deportation. In spite of its ‘Better Regulation’ principles, the Commission’s proposal is not accompanied by an impact assessment, following a now well established trend of maladministration in the area of migration policy-making. This also makes it extremely difficult to assess the proportionality of the measures proposed, as acknowledged by the European Data Protection Supervisor. 

The #ProtectNotSurveil coalition challenges the use of digital surveillance technologies, advocates for the rights of people to move and to seek safety and opportunities without risking harm, surveillance, criminalisation, or discrimination. 

For this reason we demand the end of the deportation regime and its digitalisation and call on the European Commission to withdraw its proposal and on the European Parliament and the Council to reject it. This should instead be an opportunity to work towards a meaningful alternative to current EU migration policies, which remains illegal, immoral, and unworkable.

How the Deportation Regulation expands the digital surveillance infrastructure  

• Bulk data collection and unlawful data sharing (Arts. 38-41) : Personal data collected for deportation purposes – including sensitive personal data (health data, criminal records) – could be accessed and repurposed by law enforcement agencies or other officials, and vice-versa. This undermines the principle of purpose limitation and erodes the already-thin firewall between administrative and policing functions.
• Unlawful data transfers to third countries outside of adequacy frameworks (Arts. 39-41):  the Regulation permits the sharing of personal and biometric data with countries that lack adequate data protection frameworks, with no effective oversight or redress mechanisms for the individuals concerned. It also allows for the sharing of sensitive data (health, criminal records) of people facing deportation.
• Technological management of detention facilities for migrants, on European territory and beyond: the expansion of the EU’s detention regime is at the heart of the new Regulation. This will lead to more people, including children and families, being held in prison-like facilities likely modelled on the EU-funded “Closed and Controlled Access Centers” already operating in Greece, characterised by phone surveillance, motion-sensors, cameras and fingerprint-access models. 
• Inclusion of people subjected to ‘European Return Orders’ in an opaque and mismanaged police database (Arts. 7-9) : the Regulation creates an ‘European Return Order’ (ERO), namely an harmonised form which will contain information related to deportation decisions valid throughout the whole EU territory. The Regulation will require national migration authorities to make the ERO available via the Schengen Information System (SIS II), which will make people’s personal data accessible to thousands of police officers across the EU and vulnerable to breaches and data leaks. SIS II is known for repeateddata abuse and non-compliance by police and immigration authorities, weak safeguards and systematic denial of people’s data protection rights.
• Expansion of control over people in an irregular situation (Arts. 23, 31-32): The proposed regulation not only foresees a major expansion of detention from 18 to to 24 months (Art. 32); it also foresees the possibility to ‘extend’ this time limit through the use of so-called ‘alternatives to detention’ (Art.31),  including electronic monitoring and GPS tagging, which have been widely criticised as being forms of de facto detention as highly stigmatising and invasive of privacy and freedom of movement.  In addition to this, the proposal introduces an obligation for all people in the deportation procedures to be allocated to a geographic area and/or reside at a specific address and/or comply with reporting obligations (Art. 23). While not specified in the text, this could also be implemented through the use of invasive surveillance and monitoring technologies.
• Tech-enabled racial profiling at the EU’s internal borders and within our communities (Art. 6):  the Regulation introduces a new obligation to step up the detection of undocumented people to enforce their deportation. This new provision incentivises mass racial profiling of anyone perceived to be undocumented, with race and ethnicity used as proxies for nationality or migration status. Such racial profiling would likely rely on increased use of surveillance technologies, such as mobile devices to conduct biometric identification.
• Arbitrary and inaccurate ‘security risk’ assessment used to enforce deportations (Art. 6): The Regulation expands “security risk” as a legal ground to enforce deportations. This broad and ill-defined categorisation creates a legal basis for authorities to use opaque and automated risk assessments — often powered by biased algorithms. The number of unlawful deportations would dramatically surge.

EU co-legislators: reject the proposal

We urge both the European Parliament and the Council to reject this proposal in its entirety. 

Evidence has shown, time and again, that expanding deportations does not increase safety, and only reinforces the harms of an already malfunctioning system. The inclusion of surveillance technology will only lead to more violence, marginalisation, and human rights abuses. The only people who will benefit are the agencies that inflate their budgets, and wealthy CEOs of private companies who fill their pockets off the back of lucrative contracts for border surveillance equipment.  

We also urge the European Commission to withdraw this proposal and immediately halt its punitive approach to migration, which only serves the economic interests of the technology and defence sectors, and the agendas of far-right groups. Once again, we urge the Commission to create policies that actually respond to the realities and needs of all people. 

What’s next

Later in 2025, the European Commission is also expected to publish a corollary legislation introducing new rules on the digital case-management of deportation procedures that will  strengthen a digital panopticon in the European Union.

As the #ProtectNotSurveil coalition, we will continue to challenge the use of digital technologies at different levels of EU policies and practices, and advocate for the ability of people to move to seek safety and opportunity without risking harm, surveillance or discrimination. The coalition will release a more detailed analysis of the digital impacts of the Migration Pact in due course. 

Signatories of the #ProtectNotSurveil coalition

• Access Now
• Equinox Initiative for Racial Justice 
• European Digital Rights (EDRi)
• AlgorithmWatch
• Border Violence Monitoring Network (BVMN)
• EuroMed Rights
• European Network Against Racism (ENAR)
• Hermes Center
• Homo Digitalis
• Platform for International Cooperation on Undocumented Migrants (PICUM)
• Share Foundation
• Statewatch