New EMN inform explores the processing of biometric data of third-country nationals in accordance with national and European law

Overview

The European Migration Network (EMN) has released a new inform that provides information into the migration policy framework governing the processing of biometric data of third-country nationals in 24 EMN Member Countries and three Observer Countries, in accordance with national and European law requirements.

What is biometric data?

Biometric data includes personal information obtained through technical processes related to physical, physiological, or behavioural characteristics of individuals. This allows for the unique identification or verification of that person with examples including facial images and fingerprint data.

Focus of the inform

In the responding EMN Member and Observer Countries, biometric data are commonly collected from individuals applying for international protection, long-stay visas or residence permits, and short-term visas. In some countries, DNA collection is permitted in certain circumstances. Biometric data are rarely collected during returns, removals, or border crossings. 

The most common purpose for collecting biometric data is to establish and verify an individual’s identity or the authenticity of travel documents. Data collection revealed that data collected in migration processes were in some cases also used for a secondary purpose in relation to law enforcement but in line with appropriate safeguards. For example, countries also allow the processing of biometric data for Schengen Information System alerts.

Specific rules for collecting biometric data 

The inform notes that responding EMN Member and Observer Countries have specific rules for biometric data collection, including age limits for fingerprints. These age limits range from 6 to 14 years, varying by country and migration process. 

Many EMN Member Countries include specific rules to ensure non-discrimination, including accommodations for disabilities or religious/cultural needs during biometric data collection and rules for storing and processing data that identify religious or political affiliation.

Data controllers

The most common data controllers for the collection and processing of biometric data under national legislation are the Ministry of the Interior, an Immigration or Asylum Authority, the police, and the Ministry of Foreign Affairs. Other data controllers include the Ministry of Justice and Security, administrative courts at the federal level, or a Parliamentary Commission for Human Rights.

Conditions for storage and transfer of biometric data

Regarding the storage location and period in which biometric data is held, approaches vary among countries. Most EMN and Observer Countries maintain biometric data in a national repository for at least some phase of the migration process.

In terms of international transfer of biometric data, 21 countries permit the transfer of biometric data. Thirteen report international transfer of data where it is explicitly allowed or required by law, a specific international legal obligation such as a treaty, or a EU regulation. Typically, the international transfer of biometric data is strictly prohibited as a general rule unless there is a specific derogation such as under the Visa Information System (VIS) or Eurodac Regulations.

Find out more about practices in biometric data management within the migration process, view the full inform here