EU wide availability of personal data of third country nationals for migration and security purposes – the challenge of ensuring fundamental rights safeguards


Ann-Charlotte Nygård
Head of Unit, Technical Assistance and Capacity Building EU Fundamental Rights Agency (FRA)


When Member States take decisions impacting on the future lives of third country nationals, they are increasing relying on digitally stored information available in EU wide information systems.

Presently, fingerprints of asylum seekers and persons having irregularly crossed the EU external border are collected in the European Dactyloscopy (EURODAC).  Data on visa applicants are collected in the Visa Information System (VIS).. The Schengen Information System, which until now includes data to support the management of borders and criminal law enforcement will be expanded to support also return in the future.

Additional categories of persons are foreseen to be included in these systems. All returnees will be added to the Schengen Information System, not only those having been issued an entry ban. The Commission has proposed changes to VIS according to which it would include not only applicants for short stay visas but also applicants for residence permits. It has also proposed changes to Eurodac meaning that in addition to data on irregular migrants apprehended at the external borders, also data on those apprehended inside the Member States will be added.

New IT systems are being set up. The Entry-Exit System (EES) will register all short term visitors coming to the EU. The European Travel Information and Authorisation System (ETIAS) will carry out pre-border checks of visa free travellers. In addition, the European Criminal Records Information System for third country nationals (ECRIS-TCN) will include fingerprints and facial images of third country nationals convicted of crime, to indicate which Member States hold a criminal record on a specific third-county national.

All EU IT systems, except ETIAS, use or will use biometric identification. In addition to fingerprints, facial recognition technology is foreseen to be introduced, as an additional biometric identifier, following technological and legal developments. What makes the use of biometrics special is not only that they connect the person to information stored in various systems. Rather, biometrics are unique to the person in question and are considered as the most reliable method to identify a person.

Virtually all third country nationals will be included in the EU IT systems. But, one and the same person can be registered under different identities. To reinforce the existing purposes, through two interoperability regulations covering borders and visa as well as asylum, migration, police and judicial cooperation, the IT systems will be able to speak to each other and help in establishing the correct identity of a person. The multiple identity detector connects biometric data of the same person stored in different systems through colour coded links. The core identification data will be stored in the Common Identity Repository, which will include biometric, biographic and travel document data.

Cross-use of the IT systems to access personal data of third country nationals is strengthened through the new interoperability legislation. They can be used to support security, fighting serious crimes and terrorism as well as apprehending and returning irregular migrants, through allowing authorities to check a person’s migration status.

Fundamental rights that may be affected

Fundamental rights risks may essentially emerge from the weak position of the individual whose data are stored in the information systems. IT systems operate in the ‘background’, outside the realm of public scrutiny. Moreover, the various categories of third-country nationals – applicants for international protection, migrants in an irregular situation, visa applicants or everyday travellers – may have difficulties in understanding how the use of data stored in the systems influence decision-making. They may not be aware that their data can be used for several purposes. 

The new and amended legislation on EU IT systems strengthens fundamental rights safeguards. The interoperability regulations notably introduce a horizontal fundamental rights clause in Article 5, specifically providing for protection against discrimination. It also refers to the duty to respect human dignity and integrity and fundamental rights, including the right to private life and data protection. Particular attention should be paid to the elderly, persons with disability, and persons in need of international protection. The best interest of the child shall be a primary consideration. The right to protection of personal data is central and the General Data Protection Regulation and the Police Directive apply of course.

There are various ways fundamental rights may be impacted, both negatively as well as positively, as FRA work on EU IT systems and their interoperability shows. In addition to the right to respect for private life and the right to protection of personal data, laid down in Articles 7 and 8 of the EU Charter of Fundamental Rights, a number of other rights are affected.

Important data protection safeguards are the principle of transparency and the right to information. The person concerned must have the possibility to exercise his or her right to information concerning the purpose of the data processing. The right to information is also a principle of good administration. Ensuring the right to information when data is collected for storage in interoperable IT systems may be a challenge considering the many purposes of use of the data. The right to information is also a precondition for the person to be able to exercise the right of access, correction and deletion in case of inaccurate data.

To support authorities to effectively ensure the right to information, FRA has together with the Eurodac Supervision Coordination Group produced a guide on the right to information when taking fingerprints for EURODAC. Interoperability improves access to data and safeguards need to be upheld to prevent unlawful access or sharing of data. Personal data of asylum seekers are sensitive and such safeguards need to ensure that information that a person has applied from asylum, easily derived from an EU system, is not shared with third countries, not even by mistake.

Interoperability largely relies on biometric matching. FRA has documented that there is a high trust in biometric matching. False matches rarely occur, but when they do it is particularly difficult to rebut a false assumption based on a false biometric match, particularly for third country nationals in a vulnerable situation, being asylum seekers or irregular migrants. The individual is not trusted, which impacts on the dignity of the person. Similarly, in case of difficulties in fingerprinting an asylum applicant is easily suspected of trying to avoid the Dublin procedures.  

Multiple identities may have many reasons that have nothing to do with an intentional identity fraud, such as data entry errors, transcription errors and weak civil registries in countries of origin. The person concerned may automatically be suspected of having committed identity fraud, affecting his or her dignity. But inaccurate data should be corrected based on plausible and substantiated arguments.

Access to own data and to correct or delete them if necessary are important data protection safeguards. This is much more complicated for persons who do not speak the language or understand the legal regime, or who are no longer on the territory. When EU IT systems are made interoperable the third country national would need to know in which IT system the information is stored and how to contact the relevant authority in the responsible Member State. The interoperability regulations foresee a web-portal through which the person concerned can receive the contact information of the Member State authority responsible.

Interoperability largely relies on matching of fingerprints. Disproportionate use of force if the person is unwilling to provide fingerprints may not only result in violations of the right to human dignity but also theprohibition of torture and inhuman or degrading treatment in extreme cases, as FRA research has shown.  

Interoperability can lead to discriminatory treatment of people based on their sex, race, colour, disability or other prohibited grounds. For instance, mismatches and potential suspicions may affect women more than men due to changes in family names, as FRA has pointed out in its work on EU IT systems and interoperability. Design of the physical environment when collecting or matching fingerprints need to be suitable for persons with disabilities. Considering the fundamental rights impact of facial recognition technologies, the colour of the skin, for instance, can play a role, as white skin reflects light more than dark skin and not enough illumination may more easily result in a false match for dark skin colouration. Moreover, the training data used for developing algorithms for facial recognition technologies need to reflect the diversity in terms of skin colour and age, and include both men and women.

The mere knowledge that data is stored in a particular data base may create a bias. For instance, if data on the person is stored in ECRIS-TCN, this means that the person in front of the officer could be anyone from someone guilty of a misdemeanour to a serious criminal offence. The ETIAS screening rules will assess risks in terms of irregular migration, security or public health before granting the travel authorisation.

Risk indicators that entail a high risk of discrimination, including race, ethnic origin or religious beliefs are prohibited. However, unintentionally groups of travellers may be discriminated as FRA has highlighted. One could imagine, for example, that members of a minority group in a specific region of a third country have the lowest education level and are primarily involved in a particular occupation (e.g. agriculture), a feature which is not shared by other groups.

Interoperability may bring in a risk for indirect discrimination. Third country nationals registered in the IT systems would face greater likelihood of being subject to criminal investigations than other members of the community whose personal data is not collected or stored on a systematic basis. It enhances the ability to detect criminal behaviour of one group, and find that the ‘hit rate’ in this group is indeed higher than in other groups where we lack the same ability to detect crime – our own nationals. This exposure of asylum-seekers and third country nationals to investigation could fuel existing misperceptions that there is a link between asylum-seekers, migration and crime.

Interoperability supports more efficient apprehension and return of irregular migrants. This is likely to drive them further underground. FRA has found that the fear of apprehension discourages irregular migrants from approaching providers of basic services, such as medical facilities or NGOs that offer legal advice, and from sending their children to school. Those who are victims of crimes might also be reluctant to approach the police out of fear that this would lead to their removal, which puts them at risk of further victimisation and allows perpetrators to remain unpunished. Interoperability may create new risks for migrants’ fundamental rights and FRA’s guidelines on the rights-compliant apprehension of migrants in an irregular situation continue to be relevant. Moreover, according to Recital 10 of the Victims’ Rights Directive, the right of victims to be acknowledged as victims and to have access to justice should not be made conditional on their residence status.

Interoperability may particularly affect children. They are typically included in the EU IT systems as a consequence of decisions taken by their parents or care takers. The personal data stored may be retained for a considerable time and used for a number of purposes. The blanket retention of biometric data of persons not convicted of any crime for law enforcement purposes may be especially harmful for children, as the European Court of Human Rights have pointed out. Moreover, age impacts on the quality of biometric data, both fingerprints and facial images. Another challenge is the provision of information to children. The child needs to receive information on the purpose of the fingerprinting and data processing in a child-friendly manner to be able to exercise his or her right to be heard in administrative or judicial proceedings.

However, interoperability may also positively impact on the best interest of the child. If a child is deprived of some or all of the elements of their identity, the signatories shall provide appropriate assistance and protection, with a view to quickly re-establishing the identity, under Article 8 of the Convention of the Rights of the Child. In the absence of travel documents, fingerprinting is one of the very few options to identify a person. Where children arrive separate from their families, fingerprints and facial images will allow Member States to follow up a line of inquiry when a fingerprint match indicates that they were present in another Member State. For example, IT systems may help trace missing and abducted children, including child victims of crime.

Interoperability in practice

To ensure oversight and access to remedy, the individuals concerned and their legal representation would need to insist on the principle of transparency to be able to understand how decision are made. Lawyers and NGOs providing legal support need to increasingly specialise in data protection law and also understand the implications of the technology. FRA foresees to develop an awareness raising guide targeting civil society actors with respect to the safeguards within interoperability of the EU IT systems. The national data protection authorities obviously play a central role and need to get adequately resourced.

The proof of the pudding is in the eating. The interoperability regulations foresee a comprehensive evaluation (a year after the entry into force of interoperability) to assess ‘the impact of interoperability on fundamental rights and on the right to non-discrimination (Article 78 (4)). In addition, every two years, the Commission should evaluate the impact of the multiple identity detector on discrimination (Article 78 (6)). It remains to be seen how the fundamental rights safeguards will be implemented in practice.