Human Rights Watch on Thursday alleged that the United Nations refugee agency improperly collected and shared personal information from ethnic Rohingya refugees with Bangladesh, which shared it with Myanmar to verify people for possible repatriation.
According to HRW, the UN did not conduct a full data impact assessment, as its policies require, and in some cases failed to obtain refugees’ informed consent to share their data with Myanmar, the country they had fled.
Since 2018 the UN High Commissioner for Refugees (UNHCR) has registered hundreds of thousands of Rohingya refugees in Bangladeshi camps and the Bangladesh government has issued them identity cards, which are needed for essential aid and services.
Bangladesh then used the information, including analog photographs, thumbprint images, and other biographic data to submit refugee details to the Myanmar government for possible repatriation.
The Myanmar government continues to carry out the crimes against humanity of apartheid and persecution against the remaining Rohingya population.
In a statement, HRW says they interviewed 24 Rohingya refugees about their registration experiences with UNHCR in Cox’s Bazar, Bangladesh and spoke to 20 aid workers, analysts, local activists, journalists, and lawyers who observed or participated in the Rohingya registration.
They have also sent detailed questions and its research findings to UNHCR in February and April, and received responses from UNHCR on May 10.
Between 2018 and 2021, the Bangladesh government submitted at least 830,000 names of Rohingya refugees to Myanmar along with biometric and other data for each person, for repatriation eligibility assessments. Myanmar reportedly agreed to allow about 42,000 Rohingya to return.
UNHCR told Human Rights Watch that it played no role in drawing up these lists but that the names and other data included in the lists submitted from 2019 onwards, including biometrics, came from analogue versions of the data it had gathered during the joint registration exercise, for example, non-digital thumbprint images.
UNHCR has a policy and practical guidance to protect personal data that it collects on beneficiaries and shares with third parties. The policy specifies that “before entering into data transfer arrangements with Implementing Partners or third parties which may negatively impact on the protection of personal data of persons of concern, UNHCR needs to carry out a Data Protection Impact Assessment (DPIA).”