EES and Your Personal Data: Understanding Privacy and Security for Travelers

What Data is Collected by the EES? A Clear Overview for Travelers

When you interact with the EES at the European border, the system will create a comprehensive digital file specifically for you. This file is designed to capture essential information necessary for border management and security. The data collected includes:

• Your Full Name: As it appears on your travel document.
• Passport Details: This includes your passport number, issuing country, and expiry date.
• A Facial Image: A live photograph taken at the border to serve as a biometric identifier.
• Four Fingerprints: Your biometric fingerprints will be captured to further secure your identity.
• Dates and Locations of Your Entries and Exits: The system will meticulously record when and where you enter and exit the participating European countries.^[3]

This combination of alphanumeric and biometric data creates a robust and unique digital travel record, replacing the traditional manual passport stamps. The collection of this data is a fundamental aspect of the EES, enabling the system to accurately track your movements and ensure compliance with immigration rules.

How is Your Data Used and Stored? Ensuring Responsible Data Management

The data collected by the EES is not used indiscriminately. Its primary purposes are strictly defined and focused on enhancing border security and efficiency:

• Border Management: To facilitate and streamline the process of crossing external borders, making it quicker and more efficient for legitimate travelers.
• Preventing Irregular Migration: By accurately tracking entries and exits, the system helps to identify individuals who may be attempting to overstay their permitted duration or enter unlawfully.
• Law Enforcement Purposes: Under strict and specific conditions, your data may be accessed by law enforcement authorities for the prevention, detection, or investigation of serious criminal offenses and terrorism. This access is highly regulated and only granted when absolutely necessary.^[13]

Regarding data retention, your information is stored for a period of three years from your last exit date from the Schengen Area. After this period, your data is automatically deleted from the system. However, for individuals who are identified as having overstayed their permitted duration, the retention period is extended to five years. This extended period allows authorities to manage and address cases of non-compliance effectively.

Your Rights Under EU Data Protection Law: Empowering Travelers

As a traveler whose data is processed by the EES, you are afforded significant rights under EU data protection law, specifically the General Data Protection Regulation (GDPR). These rights are designed to give you control over your personal information:

• Right to Access: You have the right to request and obtain confirmation as to whether your personal data is being processed, and, where that is the case, access to the personal data.
• Right to Rectification: You can request the correction of any inaccurate personal data held about you. If your passport details change, for example, you can request an update.
• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data if it has been unlawfully processed or is no longer necessary for the purposes for which it was collected.^[13]

These rights ensure transparency and accountability in how your data is managed. If you believe your data has been handled improperly or you wish to exercise these rights, you can contact the relevant data protection authorities.

Data Security: Protecting Your Information within the EES

The security of your personal and biometric data is a top priority for the EES. The system is managed by eu-LISA, the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice. eu-LISA is responsible for ensuring the continuous operation and security of several large-scale IT systems crucial for the EU's internal security and border management.

The EES operates under strict EU data protection regulations, which are among the most stringent globally. These regulations mandate robust technical and organizational measures to prevent unauthorized access, accidental loss, destruction, or damage to your data. Regular audits and security assessments are conducted to ensure the integrity and confidentiality of the information stored. This commitment to data security is designed to prevent misuse and ensure that your sensitive information is protected throughout its lifecycle within the EES.^[3] Travelers can therefore be assured that their data is handled with the utmost care and in compliance with high European standards.

References

• European Commission, Home Affairs: Entry/Exit System
• European Union Official Website: Data held by EES