Statewatch News Online: EU: Collection of personal data for the EU's Visa Information System spreads further across the globe

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

Collection of personal data for the EU's Visa Information System spreads further across the globe

In October 2011, the consulates of Schengen states in Algeria, Egypt, Libya, Mauritania, Morocco and Tunisia began inserting the personal data collected from visa applicants into a new computer system. Residents of the North African countries wishing to visit the Schengen area were the first to be targeted for one of the EU's high-tech border control systems, the Visa Information System (VIS). One year on, the VIS has been launched in two further regions (covering the Middle East, Afghanistan, Iran and the Arabian Gulf), with current plans for global coverage by the end of 2013.

Two sides to VIS

A press release announcing the launch of the system in North Africa last year highlighted benefits for travellers, who would apparently experience "clearer, more precise, transparent and fairer visa application rules." At the same time it was made clear that the VIS is intended to ease the exchange of personal data amongst Schengen states and provide the authorities with increased powers over visitors to Europe. The VIS will "make checks at external borders more efficient and enhance overall border security," and boost attempts to "prevent and fight fraudulent use of visas." [1]

It is also expected that is will facilitate the application of the Dublin II regulation on determining the state responsible for an asylum application and "contribute to the prevention of threats to the internal security of any of the Member States."

A centralised database currently operated by the European Commission hosts the information supplied by applicants, although in December it will become the responsibility of the new European Agency for Large-Scale IT Systems. The information collected by overseas consulates and stored within the VIS includes the visa applicant's name, age, gender, nationality, address, destination, duration of stay, person inviting or liable for the costs of the stay, purpose of travel, occupation and employer, amongst other things. Biometric data - ten fingerprints and a photograph - are captured from anyone over 12 years old. [2]

Last week, entry into the VIS of data from visa applicants began in Afghanistan, Bahrain, Iran, Iraq, Kuwait, Oman, Qatar, Saudi Arabia, the United Arab Emirates and Yemen began. In May, data obtained from citizens of Israel, Jordan, Lebanon and Syria applying for visas began pouring into the central VIS database. [3] The information obtained from applicants can be held for up to five years.

Global coverage

Future plans foresee the expansion of the VIS into Africa, South America, Central and South-East Asia and the occupied Palestinian Territory by the end of 2013. The order in which this will happen will be decided by Friends of VIS, a secretive informal working group made up of "senior officials from the states participating in VIS responsible for coordinating national services involved in the VIS project, together with representatives of the European Commission." [4] There is currently "no consensus" amongst the group regarding "the determination of the sequence of the regions to be covered." [5]

Established by a Council Decision in 2004 [6], the aims and purpose of the VIS were defined more precisely in 2008 by two further pieces of legislation. [7] One of these, a Council Decision from June 2008, permits access for certain authorities - those responsible "for the prevention, detection or investigation of terrorist offences or of other serious criminal offences" - to VIS data. Of the European authorities, only Europol is allowed access. Which authorities from which Member States have access is unknown - the information is nowhere to be found in the Official Journal, despite an obligation being placed upon the Commission to publish it in one of the 2008 Council Decisions. [8]

Technology at the borders

The VIS is one of a number of EU systems that will use advanced technology to strengthen controls and monitoring over those entering EU territory. Under current plans it will be joined in coming years by an Entry-Exit System (EES) and Registered Traveller Programme as part of the "smart borders package", which according to one critical study, aims to "achieve total control over all cross-border movements" of visa-holders. [9] Biometric data will be collected for the EES, which is intended to record the entry into or exit from EU territory of any non-EU citizen.

"Smart borders" will be accompanied by a vast surveillance system, EUROSUR, which is intended to link up Member States' separate border surveillance systems and allow the permanent observation of "land and sea borders designated as high-risk - in terms of unauthorised migration - and mandate Frontex to carry out surveillance of the open seas beyond EU territory and the coasts and ports of northern Africa." [10]

Easing access

Recent developments have made clear that law enforcement authorities are keen to get access to biometric data, even when it was originally collected for purposes other than criminal investigations. EU Proposals currently on the table, if agreed by the Council and the Parliament, would see Europol and Member States' authorities given access to Eurodac, the EU-wide database of asylum-seekers' fingerprints, for the "prevention, detection and investigation of terrorist offences and of other serious criminal offences." [11] The proposal has come in for heavy criticism, with the European Data Protection Supervisor arguing that:

"To intrude upon the privacy of individuals and risk stigmatising them requires strong justification and the Commission has simply not provided sufficient reason why asylum seekers should be singled out for such treatment." [12]

It remains to be seen whether police forces will demand access to the VIS database for reasons other than preventing, detecting or investigating terrorism or serious crime, but with the ability to hold up to 70 million records, it is clear that in years to come a wealth of personal data obtained from third-country nationals will have been collected by the EU.

[1] 'More efficient and secure visa system goes live', European Commission press release, 11 October 2011
[2] Regulation (EC) No 767/2008, Article 9
[3] Presidency, 'VIS - state of play', 3 October 2012,
[4] 'Friends of VIS', 26 October 2011,
[5] Presidency, 'VIS - state of play', 3 October 2012, p.2
[6] Council Decision of 8 June 2004 (2004/512/EC)
[7] Regulation (EC) No 767/2008 of 9 July 2008, Council Decision 2008/633/JHA
[8] Council Decision 2008/633/JHA, Article 3(4)
[9] Ben Hayes and Mathias Vermeulen, 'Borderline', June 2012, p.4
[10] 'Borderline', p.8
[11] Presidency, 'Amended proposal for a Regulation on the establishment of 'EURODAC' for the comparison of fingerprints…', 5 October 2012, p.8
[12] European Data Protection Supervisor, 'EURODAC: erosion of fundamental rights creeps along', 5 September 2012

Statewatch News online | Join Statewatch news e-mail list | Download a free sample issue of Statewatch Journal

© Statewatch ISSN 1756-851X. Personal usage as private individuals/"fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error