Paper: The nexus of data protection and counter-terrorism measures in the context of aid projects implemented in the Global South by EU/EEA-based NGOs

Paper details

Paper authors Beáta Paragi
In panel on Working in the Sahel
Paper presenter(s) will be presenting In-Person / Online


The relationship between aid and counterterrorism is complex. States and civil society organizations are required to comply with relevant laws and legal mechanisms in the context of aid work too. For counter terrorism has many dimensions, the measures may also affect human rights, among others. With regards to Africa, certain counter-terrorism measures, for example, the deployment of foreign military units in the Sahel takes a heavy toll on civilians. Earlier research also indicated that NGOs operating in the Global South collect and process personal data for contractual obligations required by donors in the context of counter terrorism finance (CTF) and anti money laundering (AML). It is, however, much less clear (i) how NGOs participate in CTF/AML work by screening and conducting background checks and (ii) how this purpose is communicated to individuals, that is, data subjects as most publicly available privacy notices fail to mention this practice.

The purpose of my paper is to explore how various EU/EEA-based NGOs comply with the counter-terrorism clauses enshrined in grant agreements in the context of data protection regulation, more precisely, the GDPR. Focusing on the principle of transparency and the right to information on the one hand and on the tech solutions (screening software used) on the other hand, a diverse set of research methods (desk research, online survey, qualitative interviews) were used to explore how various EU/EEA-based NGOs do screening in the context aid work. Privacy notices of Sahel-focused European NGOs are also scrutinized to illustrate certain political and legal dilemmas associated with this practice focusing on human rights, the transparency principle and the data subjects’ right to information. Results indicate that most NGOs can choose between complying with AML/CT-clauses (screening by use of legal tech solutions) or the GDPR (requiring NGOs to disclose to purposes of processing to data subjects).