Privacy-loving EU building massive travel surveillance system for visitors that will affect billions of people

Posted on Jul 15, 2020 by Glyn Moody

As this blog has noted, for all its faults, the European Union’s GDPR represents one of the most important attempts to protect digital privacy. Although it concerns the EU and its citizens, it has had knock-on effects around the world. Against that background of supporting privacy, it’s disturbing to read a new report from Statewatch about a massive travel surveillance system that the EU is constructing. It will impact nearly everyone who is not an EU citizen – that’s over 6 billion people. Here’s Statewatch’s summary:

Data will be gathered on travellers themselves as well as their families, education, occupation and criminal convictions. Fingerprints and photographs will be taken from all travellers, including from millions of children from the age of six onwards. This data will not just be used to assess an individual’s application, but to feed data mining and profiling algorithms. It will be stored in large-scale databases accessible to hundreds of thousands of individuals working for hundreds of different public authorities.

There are two classes of people who are affected: the five billion citizens of 105 countries that must obtain a visa before visiting the EU’s core countries, known as the Schengen area, and the 1.4 billion who do not need a visa, but must still apply for a “travel authorisation”. The latter group includes most citizens from the Americas, as well as Australia, New Zealand and post-Brexit UK. For visa applicants, full biometrics will be collected: ten fingerprints and a photograph taken from every applicant aged 12 or over. Legal proposals currently under discussion would lower the minimum age to six. In addition, applicants have to demonstrate that they have valid medical insurance for their trip. The visa authorities can also ask to see extensive further documentation, including bank statements, travel tickets, proof of accommodation, employment, property ownership, and even a nebulous “proof of integration in the country of residence”.

Visitors who don’t need a visa must still provide names, address, age, nationality, occupation, level of education and the names of the applicant’s parents. Moreover, when they arrive at the Schengen border, anyone granted a travel authorisation will have four fingerprints and a photograph taken. They will also be asked to answer questions on whether they have been convicted of criminal or terrorist offences. All of this data, and the answers to even more rigorous questions for visa applicants, are fed into central EU databases, where they can be accessed by over 100 national authorities, and thousands of official accounts.

One surprising group that will have (limited) access to these databases to check the validity of visas is travel and transport companies. That’s because if they allow someone without the appropriate authorization to board a plane, boat, coach or train, the companies can be fined, and will be responsible for taking those people back to their point of departure.

At the border, checks will be carried out on visitors’ personal data. Those will not only be using EU databases, but also national and Interpol databases of lost and stolen travel documents. Once inside the EU’s Schengen area, the personal data will be available to another important group: the police. The databases will allow local police to carry out identity checks on people. There is a concern that they will also be used for ethnic profiling by police officers, where they base their actions on ethnicity, race, religion, or national origin instead of an individual’s conduct or objective evidence. By making identity checks easier, the new EU travel surveillance system will also make profiling easier. Leaving the Schengen area will trigger further extensive checks:

Anyone leaving the Schengen area is supposed to be subject to the same checks as upon entry. Visa and travel authorisation holders will, upon their departure, have their personal data whisked through various national, EU and international databases and information systems in order to ensure that they or their travel document have not become subject to a law enforcement alert during their stay.

The Statewatch report concludes by pointing out some of the dangers the EU’s new travel surveillance system will introduce. One is the creation of huge new databases of personal information – a bad idea from a security point of view. Another is the plan to use automated database checks, instead of manual ones. This is likely to lead to more errors being made, and to people being refused visas and travel authorization unjustly.

As well as automated profiling, there are also plans to introduce a “pre-crime” watchlist, which will contain data on people suspected of having committed crimes in the past or – even worse – those the system believes might commit crimes in the future. There is no evidence these kind of predictive systems actually work, which means that people are likely to be refused admission groundlessly. Moreover, Statewatch points out that obtaining redress for wrongful refusal will be hard:

While the legislation contains all the relevant guarantees for data protection rights – such as to request access to one’s own data and to have it corrected or deleted in case of error – the exercise of those rights may prove challenging. Numerous different data protection regimes (both EU and national) will govern the use of these systems.

There is one other major problem with the proposed travel surveillance system, not mentioned by Statewatch. The fact that the home of the GDPR seems intent on building such a massive and comprehensive surveillance system will make it easier for other countries to do the same. They will point out that if the privacy-loving EU is doing it, it must be fine. It is not, but it will unfortunately be hard to argue otherwise.

Featured image by Vasyatka1.