The Dark Side of EURODAC

As reliance on technology in the regulatory sphere continues to increase, so do concerns surrounding the privacy rights of individuals. The collection of biometrics such as fingerprints, facial image data, and genealogy presents a threat to privacy, given the lack of regulatory limits on how such data can be collected and used.

Immigrant communites across the globe are particularly suspectible to personal data collection and privacy encroachment. In an article published several years ago, Benedita Menezes Queiroz of the Católica Global School of Law argues that the European Union’s immigration database threatens migrants’ rights.

Specifically, Queiroz focuses on the European Asylum Dactyloscopy Database (EURODAC) System, which collects fingerprints of asylum seekers and irregular migrants. Because these data are accessible to a variety of agencies, including law enforcement, Queiroz warns of potential harms to migrants’ rights to privacy and data protection, particularly within the lens of crimmigration, defined in the article as “the intertwinement of crime control and migration control.”

Over the past decade, the European Union (EU) received a vast number of refugees, resulting in more stringent immigration policies that limited the number of irregular migrants by over 90 percent. Upon migrants’arrival in the EU, immigration officials categorize and register them in a database with their fingerprints, among other personal data.

The EURODAC is a database established by the EU in 2003. Lawmakers created the database to monitor claims of asylum seekers to ensure that individuals were not seeking asylum in multiple EU member states. The EURODAC II Regulation in 2015 updated EURODAC’s codified purpose, expanding the existing system to include the fingerprinting of specific categories of migrants, including those who were found to be illegally staying in the EU and have not applied for asylum.

Critics of this expansion raised concerns about asylum seekers and migrants being sought out for allegedly breaking the law. For example, law enforcement officials can access fingerprints in EURODAC in criminal investigations. Queiroz highlights this conflation of immigration and criminal behavior as a problematic aspect of EURODAC II, and identifies three primary factors that contribute to EURODAC’s potential harms to migrants in the EU.

Queiroz warns of the overthrow of the “purpose limitation principle” due to the expansion of EURODAC’s use. According to Queiroz, this principle derives from Article 5 of the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, which dictates that digitally stored data be used for “specified and legitimate purposes” established prior to collection and “not used in a way incompatible with those purposes.”

In applying the purpose limitation principle to EURODAC, Queiroz argues that the system’s original purpose of providing administrative guidance on the asylum system has been usurped by EURODAC Regulation II. Furthermore, Queiroz questions whether the expansion of entities with access to EURODAC data, including law enforcement agencies, is an overreach of the system’s objectives.

Second, Queiroz also worries about how fingerprinting migrants will shape public perceptions about these individuals. EURODAC’s conception was unrelated to law enforcement agencies, but it expanded after growing fears of terrorism. Queiroz notes, however, that the European Commission acknowledged that asylum seekers are not significantly involved in terroristic acts or in crime generally.

Even still, the proclaimed importance of protecting the EU against terrorism justified access to EURODAC, according to the Commission. This approach, Queiroz suggests, creates dangerous implications by inextricably linking the act of seeking asylum with the potential for criminal behavior.

Queiroz seeks to bolster her argument by pointing to two court decisions. In the first case, S. & Marper v. United Kingdom, the European Court of Human Rights ruled that the British plaintiffs, who were suspected of committing a crime and subsequently subjected to data collection, experienced discriminatory treatment at the hands of British law enforcement. Because of the sensitive and private nature of biometric data, the Court also argued that law enforcement officials violated the plaintiffs’ privacy rights. In comparison, asylum seekers in the EU must submit to the collection and use of their data by law enforcement agencies regardless of whether they are suspected of a crime.

The next case Queiroz highlights is Huber v. Germany, in which the Court of Justice of the European Union determined that the personal data collection of Huber, an EU citizen, was discriminatory and inhibited his right of free movement. If the Court of Justice of the European Union could rule in favor of Huber, posits Queiroz, why is the same logic not applied to asylum seekers? In treating two groups of people differently concerning the same issue of personal data protection, the EU effectively reinforces an “us vs. them” mentality through its data collection laws.

Lastly, the third and final factor contributing to EURODAC’s pervasive effects is biometric borders. Asylum seekers as young as 14 must provide the EU with their fingerprints and other identifying information, such as their gender. Although migrants do not need to disclose their names, each migrant is assigned a reference number for identification purposes. Proposed updates to EURODAC Regulation II suggest collecting even more information, such as nationalities and images.

The increasing digitization of borders presents a series of risks that affect asylum seekers, Queiroz argues. Some of these risks include the potential for profiling by the police, data breaches, and what Queiroz classifies as a dehumanization of migrants. Their bodies and personhood serve as vessels for immigration control databases, she argues.

The existing EURODAC system, in associating suspicion with seeking asylum, stigmatizes migrants in the EU, Quieroz argues. To protect the rights of such migrants, she urges the EU to consider reforming its EURODAC regulations to reduce the access currently granted to law enforcement, better supervise how access to such data is used, and avoid proposed amendments expanding the type of data collected.