Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


The EURODAC debate: Do asylum-seekers deserve human rights?

Next week, the European Parliament will make an important decision affecting one of the world’s most vulnerable and stigmatised groups of people: asylum seekers. This decision is part of a larger debate about privacy and function creep, about authorities breaking promises that were made when personal information was collected and using it for new purposes.

EURODAC, a transnational database containing the personal and biometric information of all asylum seekers and illegal immigrants found within the EU, was established twelve years ago by the European Council (Regulation No. 2725/2000). The database holds various pieces of personal information, including country of origin, sex, and date and place of apprehension or asylum application. It also contains the fingerprints of asylum applicants and illegal immigrants over the age of 14, ostensibly to allow  authorities to determine whether individuals have already applied for asylum in another EU Member State or have transited illegally through another EU Member State. A fully automated, computerised fingerprint identification system is used for comparisons. The data of asylum applicants is retained for ten years, while data relating to foreigners apprehended due to unauthorised crossing of an external border is stored for two years. Although all data is erased once an individual obtains citizenship of an EU Member State, how the data is used while in the database remains unclear. 

When this database was created, its use was intentionally limited to administrative purposes; the information was collected and processed solely for the purpose of administering asylum claims. But since then, European governments have been fighting for the ability to expand use of the database. In 2009, the European Commission presented a proposal to open up the EURODAC database to law enforcement agencies and Europol. This proposal was rejected at the time because of the work of various civil society groups, who expressed concerns about the potential for increased stigmatisation of asylum seekers and about the data protection implications of such a move.

Now the proposal is back. The European Council and the European Commission are again advocating for the use of the database for law enforcement purposes, and making much of its usefulness in reducing terrorism and serious crime. Next week, the proposed EURODAC regulation will be discussed at an orientation vote in the European Parliament under the aegis of the Civil Liberties, Justice and Home Affairs (LIBE) Committee.

According to the European Commission, asylum data stored in Member States’ national databases have already been instrumental in solving cases of terrorism and serious crime committed in other Member States. One example is the case of a terrorism suspect wanted by Dutch law enforcement authorities, who was identified on the basis of national asylum data held in Germany, where he had applied for asylum. And by comparing fingerprint data provided by a neighbouring Member State with the Netherlands’ national asylum database, Dutch law enforcement authorities identified several members of a criminal gang specialised in armed robberies.

However, shifting to the wholesale sharing of biometric information in EURODAC requires more than just anecdotal evidence as justification The European Data Protection Supervisor (EDPS)  argues that the necessity and proportionality of law enforcement access to EURODAC data has not been sufficiently demonstrated. The EDPS has therefore recommended that the Commission provide a new impact assessment in which all relevant policy options are considered, solid evidence and reliable statistics are provided, and an assessment from a human rights perspective is included. The potential for error in matching fingerprints, and the resulting implication of innocent asylum seekers in crimes they did not commit, has been pointed out by the UN High Commissioner for Refugees (UNHCR), which recommends strengthening provisions prohibiting the transfer of information about asylum seekers or refugees to third countries.

Privacy International urges the European Parliament to delay the proposal so that proper impact assessments can be carried out and evidence gathered. At a time when we are all participating in a Europe-wide deliberative discourse on the future of data protection laws in Europe, it is odd that the Parliament is considering the expanded use of a system that was designed for a single purpose - an anathema to the very privacy principles they are debating for the protection of Europeans’ fundamental rights. 

We are talking about a serious intrusion upon the rights of one of the world’s most vulnerable groups of people, and current evidence does not adequately illustrate the proportionality, necessity and utility of the proposal for combating terrorism and other serious crimes. The conditions for law enforcement access remain vague, and it is still unclear how this access would be policed and how data would be safeguarded against abuses. Democratic Europe should be protecting asylum seekers by default, not putting them in harm’s way.