New EMN inform explores the processing of biometric data of third-country nationals in accordance with national and European law

The EMN has published a new inform that provides information on current national legislation and practices for processing biometric data of third-country nationals in 24 EMN Member Countries and three EMN Observer Countries,  in accordance with national and European law requirements. The inform aims to enhance understanding of existing legislation and practices in biometric data management within migration processes in EMN Member Countries and Observer Countries.

Biometric data includes personal information obtained through technical processes related to physical, physiological, or behavioural characteristics of individuals. This allows for the unique identification or verification of that person with examples including facial images and fingerprint data.

In the responding EMN Member and Observer Countries, biometric data are commonly collected from individuals applying for international protection, long-stay visas or residence permits, and short-term visas. In six countries,  DNA collection is permitted in certain circumstances. Biometric data is collected less often during returns, removals, or border crossings.

The most common purpose for collecting biometric data is to establish and verify an individual’s identity or the authenticity of travel documents. Data collection revealed that data collected in migration processes were in some cases also used for a secondary purpose in relation to law enforcement but in line with appropriate safeguards. For example, countries also allow the processing of biometric data for Schengen Information System alerts.

Specific rules for collecting biometric data

The inform notes that all participating EMN Member and Observer Countries have specific rules for biometric data collection, including age limits for fingerprints. These age limits range from 6 to 14 years, varying by country and migration process.
Many EMN Member Countries include specific rules to ensure non-discrimination. These include accommodations for disabilities or religious/cultural needs during biometric data collection and rules for storing and processing data that identify religious or political affiliation.

Data controllers

The most common data controllers for the collection and processing of biometric data under national legislation are the Ministry of the Interior, Immigration or Asylum Authorities, the police, and the Ministry of Foreign Affairs. Other data controllers include the Ministry of Justice and Security, administrative courts at the federal level, or a Parliamentary Commission for Human Rights.

Conditions for storage and transfer of biometric data

Regarding the storage location and period in which biometric data is held, approaches vary among countries. Most EMN and Observer Countries maintain biometric data in a national repository for at least some phase of the migration process.
In terms of international transfer of biometric data, 21 countries permit the transfer of biometric data.  Thirteen report international transfer of data where it is explicitly allowed or required by law, a specific international legal obligation such as a treaty, or a EU regulation.  Typically, the international transfer of biometric data is strictly prohibited as a general rule unless there is a specific derogation such as under the Visa Information System (VIS) or Eurodac Regulations.

Download inform here.

Page