This report is available in PDF format here.

Visa requirements for the Schengen area. Source: European Commission

Until the arrival of the novel coronavirus pandemic in early 2020, it was a widely-held assumption amongst many people that international travel had never been so fast or simple. The pandemic has changed that, at least for the time being. However, even before the imposition of lockdowns and quarantines across the world, the reality was somewhat different, depending on who you are and where you are from.

Some five billion citizens of 105 countries around the world must acquire a visa if they wish to enter the Schengen area (made up of 26 of the EU’s member states along with Iceland, Liechtenstein, Norway and Switzerland). These 105 states are generally amongst the world’s poorest and often suffer from violent conflict, repression, and serious economic, social and political problems. Meanwhile, there are some 1.4 billion citizens of around 60 countries who do not require a visa, but who will soon be required to apply for a “travel authorisation”. This is intended to serve the same purpose: an assessment of whether or not an individual is a ‘bona fide’ traveller (the European Commission's use of red for visa-obliged states seems a fairly blunt way of representing the supposed risk posed by their citizens). Travel authorisations and short-stay visas[1] allow the holder to spend 90 days within any 180-day period within the Schengen area.

Applying for a visa is already an intrusive process, but in the coming years applicants for both visas and travel authorisations will be obliged to reveal increasing amounts of sensitive personal information to EU authorities. Through the introduction of new technologies – ‘interoperable’ databases, automated profiling algorithms and data mining tools – along with ‘pre-crime’ watchlists for potential criminals and terrorists, their data will be processed in a range of new ways and made available to a wide variety of authorities across the EU and beyond.[2]

This report provides a critical examination of forthcoming EU initiatives that will deploy these technologies for the intensified processing of personal data. It seeks to inform civil society – NGOs, campaigners, journalists, researchers and anyone with an interest in the topic – how these processes will work and the implications for fundamental rights, with the aim of spurring further investigation and action.

The introduction of new systems for the increased processing of personal data on visitors to the EU is indicative of broader trends towards the more intensive collection and examination of personal data by both public institutions and private companies. While this is facilitated by new technological capabilities, it is primarily the result of a deliberate intermingling of security and migration policies, a process which has been ramped up in the last five years as EU institutions and national governments attempt to assert their legitimacy and authority by casting migrants as objects of suspicion; potential threats who require close monitoring and supervision lest they try to undermine “our European way of life”[3] in one way or another.

The report is structured on the basis of a journey an individual, and their personal data, would take if they wished to travel to the Schengen area. The first step is making an application for a visa or travel authorisation and what happens to the personal data that must be provided. This is the longest section of the report, due to the range of new procedures that are being introduced – automated checks against other databases, a new profiling system and checks against a pre-crime ‘watchlist’, amongst other things. The second step is the journey itself, whether by plane, train, boat, coach or some other means. The third step in the journey is arrival at the border. The fourth step is the time an individual spends within the Schengen area. The fifth and final step is an individual’s departure and what happens to their data when they leave. Along the course of this journey, some of the processes to which the two groups of travellers will be subjected are the same, and so they are examined together. Elsewhere, they are looked at separately.

Much of the law governing the systems examined in this report is already in place, leaving little room for legislative lobbying. However, this does not mean there is nothing left to be done to challenge the dangers these systems pose for fundamental rights. Some implementing legislation still has to be agreed and, as highlighted in this report, existing national and EU systems that use similar technologies and practices are the subject of ongoing court cases. There is much that campaigners, civil society organisations, journalists and others can do to limit or even remove the veil of suspicion being placed over visitors to the Schengen area.

Previous section: Executive summary | Next section: Step one: Making an application


[1] Long-stay visas are currently largely a national competence, although are increasingly coming within the scope of EU action. A number of changes are currently being introduced to the application process for long-stay visas. For example, the changes to the Visa Information System will expand its scope to include data on up to 22 million long-stay visa applications, as well as residence documents. However, this report only examines the changes that will be applied to short-stay visa applications. For some more information, see: ‘All visa applicants to be profiled and children fingerprinted for revamped Visa Information System’, Statewatch News, 17 August 2018,

[2] Statewatch has previously examined the potential impact of the ‘interoperability’ agenda on undocumented migrants present in the EU. See: ‘Data Protection, Immigration Enforcement and Fundamental Rights: What the EU’s Regulations on Interoperability Mean for People with Irregular Status’, Statewatch/PICUM, November 2019,

[3] Margaritas Schinas, a member of Greece’s conservative New Democracy party, is currently European Commissioner for Promoting our European Way of Life. When his job was first announced, it had the title “protecting our European way of life,” a moniker that was roundly condemned and swiftly altered. The change of name has not, however, been accompanied by any change to the policy programme for which he is responsible. See: European Commission, ‘Promoting our European way of life’,; David M. Herszenhorn and Maïa de La Baume, ‘Outrage over ‘protecting our European way of life’ job title’, Politico, 11 September 2019,


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error