• Home /
• Analyses /
• 2026 /
• Counterterrorism and Children's Data Child rights implications of data-driven technologies and migration policies

Counterterrorism and Children's Data Child rights implications of data-driven technologies and migration policies

In a world where data is routinely shared across borders, children are at risk of lifelong consequences when their names are placed on security databases or watchlists. Whether children are used by armed groups, suspected of links to them, or who simply have family members involved, they may be screened by official authorities. This often involves recording and storing their sensitive personal data and can lead to them being flagged as a security risk. This article suggests ways to reduce these risks by integrating a child rights-based lens to counterterrorism work.

---

In northeast Syria, boys deemed to be of “fighting age” have been separated from their families, detained, and subjected to biometric data collection, including DNA sampling, iris scans, and fingerprints. Many of these children were either previously recruited by ISIL or detained due to their parents’ alleged links to the group. In Al-Hawl camp, which held women and children accused of links to ISIL, boys reaching puberty have been systematically removed from their mothers and placed in so-called “rehabilitation centres,” which in practice often operate as detention facilities.

The consequences can be long-lasting. Being placed on a security database or watchlist can potentially affect nearly every aspect of a child’s life. It can lead to detention, travel restrictions, barriers to education and future employment, difficulties seeking asylum, and lasting social stigma. These outcomes can be based on suspicion alone—even when a child has never committed, and may never commit, a crime. While much of this happens out of public view, the impact can be extremely damaging.

Stronger safeguards are urgently needed. In a world where data is routinely shared across borders, information collected about a child can quickly spread, as security agencies cross-check personal and biometric data against multiple databases, including those used for air travel, migration, and asylum.

Children’s data and counter terrorism measures

As counterterrorism efforts have expanded, so has the collection of personal data. Children have increasingly been caught up in these practices. Children recruited and used by armed groups, suspected of links to them, or who simply have family members involved, are often screened by military or security authorities. In the process, their personal data is recorded and stored. This can include sensitive biometric information such as fingerprints or facial images. In Somalia, for example, children released from the armed group Al-Shabaab are screened by national intelligence services, generally without the presence of UN, humanitarian or child protection actors, leaving serious questions about what data is collected and how it is used.

The issue is even more urgent today because personal data is increasingly shared across security, migration, and asylum systems as well as across borders. For child migrants, asylum seekers or even those who have been displaced, being labeled a security risk can limit their movement and eventually block access to protection. This is especially relevant with new policies like the European Pact on Migration and Asylum, expected to be fully implemented in 2026, which requires biometric data collection and screening for children as young as six years old.

At the same time, there is growing concern about how terrorist groups use new technologies to target children. Online platforms, social media, video games, and artificial intelligence are increasingly used to spread extremist content and recruit young people—sometimes even encouraging adolescents to recruit others. While this threat is gaining attention, far less focus has been placed on how governments use technologies in counterterrorism and what this means for children’s rights.

Much of this remains hidden due to the generalised secrecy that surrounds national security measures. Furthermore, child protection efforts in conflict settings have often focused on urgent priorities, such as helping children recover and reintegrate, with little consideration for how their data is being handled.

In several countries, the United Nations has concluded agreements with national governments requiring that security forces who encounter children allegedly associated with armed groups promptly transfer them to civilian child protection actors. While these “handover protocols” enable security forces to identify children, they do not clearly define the limits of that identification. They are usually silent on whether biometric data may be collected, how long it may be retained, and whether it can be shared.

A further factor contributing to this lack of visibility lies in the legal framework itself. Data protection laws typically exclude national security activities, making it difficult to determine what information national security and intelligence services collect and exchange, and whether children´s privacy is adequately protected.

Counterterrorism laws and policies also tend to be vague on this issue. Unlike in juvenile justice systems—where there are clear rules, such as a minimum age of criminal responsibility—there are no agreed standards requiring the setting of a minimum age for collecting children’s data for counterterrorism purposes. This becomes even more problematic in places like Somalia, where low birth registration makes it hard to verify a child’s age, increasing the risk that children are treated as adults.

Children´s data and new technologies

Evidence from conflict settings shows how new technologies, including biometric systems, are used by states to gather children’s personal data for counterterrorism. For example, U.S. forces have collected biometric data from so-called “military-age males” in Afghanistan and Iraq. In practice, this category has included teenage boys around 16 years old. There seems to be no formal definition of “military-age males” within U.S. military policy; rather, reports suggest that the category may rely on subjective criteria, including physical appearance or remote identification by drones or snipers.

These practices are not occurring in a normative vacuum. Statewatch described this global surveillance network in its report “Networks of [in] security”. The UN security council actively encourage states to collect and share biometric and biographic data for counterterrorism, without explicitly excluding children. Resolution 2396 (2017) calls on states to “develop and implement systems to collect biometric data” in order to “responsibly and properly identify terrorists, including foreign terrorist fighters.” It also urges member states to contribute to Interpol databases and ensure their use by law enforcement and border authorities for screening and risk assessment. Several provisions in the resolution refers to “families” and include both spouses and children of foreign terrorist fighters.

Beyond collection, the way data is processed raises further concerns. Automated processing and the use of algorithmic predictions may expose groups of children—based on age, sex, religion, race, or nationality—to higher risks of discrimination and surveillance as security threats. Inaccurate or biased decisions in systems such as Advance Passenger Information (API) and Passenger Name Records (PNR) can restrict children’s freedom of movement, including their right to leave a country and to seek asylum. Moreover, when artificial intelligence (AI) is used by states for military and national security purposes, its use may fall outside standard oversight regimes for AI.

Another area of concern is digital surveillance followed by the criminal prosecution of children for expressing their views online. Prosecutions should be limited to conduct that clearly falls within narrowly defined criminal offence compatible with the right to freedom of expression under international law (Article 13 of the UN Convention on the Rights of the Child). In practice though, adolescents are often caught by broad or vague domestic definitions of terrorism-related offences, such as advocating terrorism. In France, for example, legislation criminalising the incitement of terrorism has been criticised for its lack of precision. Professor Fionnuala Ní Aoláin, former UN Special Rapporteur on the Promotion and Protection of Human Rights and Fundamental Freedoms while Countering Terrorism, observed that this charge has been used extensively against children in France.

Children’s data across borders

The use of these technologies goes beyond counterterrorism in the strict sense. Systems used to collect and share biometric data are increasingly applied to migration control, both at borders and within national territories. Collecting—and sharing for security purposes—personal data from children who have been exploited by armed groups, or who have family members linked to groups labeled as terrorist, can have serious consequences in migration settings. If these children are labelled as security risks, they may face restrictions on their movement and greater difficulty exercising their right to seek asylum.

These risks are closely linked to the growing use of data sharing in migration management. This trend is especially visible in the European Union (EU). EU policy frameworks stress that sharing information between asylum and migration databases—and with bodies such as Interpol and Europol—is essential for counterterrorism efforts. 

EURODAC illustrates how this works in practice. Originally created as a fingerprint database for asylum and migration purposes, access has now been granted to law enforcement authorities. This expansion raises serious concerns. The European Data Protection Supervisor (EDPS) warned against granting access to data of individuals not suspected of any crime, particularly given the vulnerability of asylum seekers. The EDPS also questioned whether it is necessary to grant security agencies access to data collected for entirely different purposes, stressing that such measures must meet strict tests of necessity and proportionality. In practice, this expanded access is already being used. Europol can access EURODAC in order to cross check biometrics on the basis of responding “to the threat from radicalized persons or terrorists who might have been registered in EURODAC.”

Other large-scale IT systems further increase data sharing. The Schengen Information System (SIS), used for security and border management, allows authorities across the EU—including border guards, immigration officials, police, customs, and judicial bodies—to access shared “alerts” on individuals. The SIS Regulation states that the best interests of the child must be a primary consideration in cases involving children. However, its approach appears partial. It recognises children as vulnerable individuals—such as potential victims of trafficking or abduction—but does not clearly address whether children may also be treated as suspects, with their data potentially triggering alerts and surveillance.

Looking ahead, the 2024 European Pact on Migration and Asylum, which will take effect in June 2026, will further expand biometric data collection and screening. Children as young as six who are third-country nationals will be subject to these measures if they arrive at an external border, are disembarked after search and rescue operations, or are found within a Member State after an “irregular” entry. They will undergo security checks against multiple databases to assess whether they may pose a threat to internal security. 

The potential effects on children´s lives and rights

Children can face lifelong consequences when their names are placed on security databases or watchlists—especially when that data is shared across borders.

One of the most widespread effects is stigmatisation. Children may be labeled because of their family ties or past exploitation by armed groups. In some contexts, terms like “ISIS families” can follow them for years. This can result in harassment, social exclusion, and even obstacles to getting civil documentation, limiting access to basic services. Such exclusion can deepen marginalization and thus increase vulnerability to radicalisation. In Iraq, for example, the UN has documented the lasting stigma linked to perceived ties to ISIL, particularly affecting boys.

As a result, children with actual or perceived links to armed groups often experience a form of double victimisation: first, through recruitment, and abuse by armed groups—or through the consequences of their parents’ actions—and second, by being treated as security threats.

Another major risk for children who have been unlawfully recruited or exploited by armed groups, as well as for those with family links to terrorist groups, is deprivation of liberty. Authorities detain thousands of children on national security grounds, often not for crimes they have committed. Instead, detention is frequently based on counterterrorism laws that criminalise mere association with armed groups, combined with broad interpretations of what “association” means—including family ties. In 2024, the UN verified that at least 3,018 children had been detained for actual or alleged association with armed groups designated as terrorist by the Security Council, or for national security reasons. In Iraq, for example, boys have been placed on security lists based on presumed links to armed groups or their relatives’ affiliations. Amnesty International reported that in 2018, boys in Iraq on such “wanted lists” were arrested and detained, and some were summarily executed. 

Further, the collection of children’s data during detention—and their inclusion in security databases as former detainees or ex-convicts—can have long-term, compounding effects.

This is especially troubling because children with past, alleged or family links to armed groups should be regarded first and foremost as victims—either of unlawful recruitment under international law or of circumstances beyond their control, including their parents’ choices to join armed groups. Further, children recruited by terrorist-designated groups such as Al-Shabaab, ISIL, or Boko Haram are often subjected to severe abuse in the hands of these groups and are frequently abducted at a very young age, sometimes as young as nine. The UN has repeatedly stressed that they should be supported through rehabilitation and reintegration measures.

Despite this, they are often treated as security threats and even detained based on association alone. Denying these children recognition and protection as victims undermines the equality principle requiring that all victims of terrorism should be treated without discrimination. The UN Secretary General has expressly warned that repressive and heavy-handed security responses can be counterproductive, contributing to alienation, grievances and potentially fueling violent extremism.

Placing a child on a watchlist, or keeping their data indefinitely based on perceived risk, may amount to a disproportionate interference with their right to privacy. A 2020 UK High Court case illustrates this clearly: the court found that retaining the data of a 16-year-old boy in a counterterrorism program´s record for six years was disproportionate, since authorities had already determined that he posed no risk. Even though the data was not public, it remained accessible across ten databases to police, counterterrorism officers, local authorities, and the Home Office. The court noted that as long as the data was retained, the child lived with ongoing uncertainty and fear that it could be shared—for example, with universities—potentially leading to him being wrongly labeled as a supporter of terrorism. 

The effects of data collection and sharing can extend to a child’s freedom of movement. For instance, relatives of individuals who joined terrorist groups have sometimes been placed on no-fly lists, limiting travel for entire families. In Iraq, families perceived to be linked to ISIL have faced obstacles in obtaining the security clearances needed to return home or to access essential documents such as birth certificates. Former child detainees arrested and listed because of alleged links to ISIL have also reported being unable to travel to obtain civil documents for themselves or their dependents. 

These impacts can also affect life opportunities such as education and employment. Former Guantanamo detainees—including those detained as children—have struggled to obtain travel documents or even rent housing years after release. In Jordan, syrian youths have faced difficulties enrolling in high school or finding work due to unspecified “security reasons,” with authorities offering no explanation despite legal challenges. In at least one case, the restrictions appeared to be linked to the arrest of a distant family member in Syria.

Rethinking counterterrorism through a child rights lens

Given children’s heightened vulnerability, their personal data requires the highest protection, with careful attention to the long-term effects of its collection, use, and sharing. Yet counterterrorism bodies do not consistently assess how these practices affect children. While gender perspectives appear to be widely integrated into counterterrorism measures, a systematic age-based lens remains largely absent.

To address this gap, the following steps are recommended:

Integrate systematically an age lens into counterterrorism strategies, alongside gender analysis. In practice, this means examining how measures affect children differently. For instance, adolescent boys are often detained and labelled “military-age males,” while girls may be punished for perceived support to fighters, including in contexts of forced or coerced marriage.

There are promising examples of incorporating a child rights–based, rather than punitive, approach into counterterrorism measures concerning children allegedly linked to terrorist groups. In Central Asia and the Balkans—notably Kazakhstan, Uzbekistan, and Bosnia and Herzegovina—children returning from northeast Syria have received multidisciplinary, family-oriented support aimed at facilitating their long-term integration, including educational, psychosocial, and economic assistance. A similar approach, grounded in the protection of children’s rights, should be integrated into broader national counterterrorism strategies, that include data handling, technologies, and border controls.

Ensure the security council counter-terrorism committee executive directorate (CTED) incorporates an age lens in its country assessments, combined with gender-sensitive analysis, to evaluate not only how terrorist designated groups recruit boys and girls but also how states´ policies affect them.

Embed child privacy by design, with a focus on children’s privacy from the outset in technology development. Governments and private actors (including AI, security, and tech companies) should consider children’s privacy at every stage—design, development, and deployment—and limit data retention so it does not follow children into adulthood. The best interests of the child must be a mandatory consideration in the handling of children’s data.

The UK’s Age Appropriate Design Code (AADC) illustrates how a child-rights perspective can be embedded in the design of digital services likely to be accessed by children. It requires companies to implement strong privacy protections by default, including data minimization and limits on profiling and geolocation. It also mandates the assessment of risks to children, including their potential exposure to harmful or extremist content.

Treat children’s data as ´sensitive´ in counterterrorism contexts. Like biometric data, children´s data warrants heightened protection because its use can seriously affect children´s fundamental rights. Being classified as “sensitive data” entails strict limits on its use: clear purpose limitation, processing only in exceptional circumstances, short and predefined retention periods, and strong safeguards, including confidentiality obligations, risk and impact assessments, and robust encryption.

Author: Daniela Baro

This analysis is based on the discussion paper written while the author was a fellow at the University of Essex Human Rights Centre, the paper can be accessed here.

Further reading