Guest post by Valeria Ferraris, Post-Doctoral Research Fellow and Adjunct Professor at the University of Turin and a member of the board of Amapola, an agency that carries out research and interventions on security and urban livability, liberties and rights. She is the author of several research reports and essays on border control, immigration, crime and fundamental rights. Valeria is on Twitter @Va_Ferraris. This is the fifth instalment of Border Criminologies’ themed series on 'Seeking Refuge in Europe' organised by Monish Bhatia.

The European Agenda on Migration was approved in May 2015. The Agenda highlighted the need to make use of opportunities provided by IT systems and technologies in order to increase the efficiency of border management. One of the key elements for this efficient management is Eurodac, the database for ‘the administration of asylum’, as stated in the Agenda (p.11). In practice, however, Eurodac goes beyond its stated remit. In this blog post I will argue that the operation of the database changes across time and place in order to respond to different approaches to immigration and political will. From a database with administrative functions that guaranteed the processing of asylum applications, in the past, it has now been transformed into a tool that categorises people and defines their future.

What is Eurodac?

Eurodac is the oldest EU biometric database. It was established in 2000 and became operational in 2003. Its original purpose was to establish which Member State is responsible, in accordance with the Dublin Convention, for the reception of asylum applications. In other words, Eurodac was introduced to avoid so-called ‘asylum shopping’.

Eurodac consists of a computerised central fingerprint database (‘Central System’) and a communication infrastructure between the Central System and Member States, which provide an encrypted virtual network dedicated to Eurodac data. Each Member State has a single national access point. The Eurodac focal points enter the fingerprint data and the system immediately processes the information and replies whether the fingerprints are already in the system or not. When hits occur (i.e. the fingerprints are already in the system because the person has already asked for asylum in another Member State) the Member States involved are likely to exchange additional data via a system called DubliNet. The database is managed by EU-Lisa, the new European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, which also manages the Schengen Information system and the Visa Information system.

There are three categories of people whose data can be inserted in the system:

  • Category 1: Applicants for international protection over 14 years old;
  • Category 2: Third country nationals or stateless persons over 14 years old apprehended for irregularly crossing an external border;
  • Category 3: Third country nationals or stateless persons over 14 years old found illegally staying in a Member State, with the aim of checking whether the persons have previously lodged an application for asylum in another Member State.

Specific regulations have been set for each category in terms of data stored, retention period, erasure, etc., the details of which would warrant another blog post. It is important to highlight, however, that Eurodac does not contain any information on the names of applicants, but instead includes their fingerprints, origin and gender. The data of applicants are stored for ten years, while the data of the persons irregularly crossing the border are stored for 18 months and then erased. Data for Category 3 are not stored but only inserted for comparison. National Data Protection Authorities supervise the processing of data within the Member States.

Eurodac and personalised borders

It has been clearly stated by scholars that borders are tools of classification between deserving and undeserving migrants or between bona fide travellers and crimmigrant bodies. This is realised by strategies of manipulation of the ‘location and meaning of borders themselves’ that include three different ways of border-shifting: functionally, spatially and temporally. In addition, we can identify a fourth one – the personalised border – where the traveller embodies the border. Eurodac, as it would be clear by the end of this post, is the leading example of the establishment of a personalised border. In fact being fingerprinted upon arrival to EU territory by border guards or law enforcement officers as category 1, 2 or 3 is what channels migrants either into the category of asylum seekers or those ‘irregularly crossing the external border’.

The events of the so-called European migration crisis since 2014 have been reported on a weekly and monthly basis by the Fundamental rights Agency. The data collection I carried out in Italy for this reporting and its comparison with other Member States makes clear that the Eurodac registration was what decided the destiny of the people.

The table below shows the number of fingerprints inserted into Eurodac in 2015 for a selected number of countries (those with more than 50.000 fingerprints recorded, plus United Kingdom). In 2015 most of the countries registered new arrivals predominantly as asylum seekers (cat.1). Sweden and Germany recorded the highest number of asylum seekers, while, Greece opted for the identification of newly arrived people as mostly ‘irregular border crossers’. A large number of those who arrived in Greece were not registered at all, giving them the possibility to move on to other countries and ask for asylum there. A similar situation was observed in Italy.  In Hungary half of the people that reached the country were registered as asylum seekers (cat. 1) and half as ‘irregular border crossers’ (cat. 2). While States adopted different approaches to new arrivals, it is important to note that the people are the same. Those who were registered as illegal border crossers in Greece or the ones who were registered as asylum seekers in Sweden or Germany were the same people coming from the Western Balkan route. In effect, the only difference between them is a click on Category 1 or 2 by the authorities in respective countries, allowing for a wide margin of discretion based on each state’s attitude towards migration.

Eurodac Annual report

What lies next?

Eurodac has recently been reformed. A new Regulation (no. 603/2013) was introduced in 2013 and entered into force in July 2015.  This new Regulation offers the possibility for Member States’ designated authorities and the European Police Office (Europol) to compare fingerprints linked to criminal investigations with those contained in Eurodac. This effectively changes the primary purpose of Eurodac and raises potential discrimination concerns, and treats asylum seekers as potential criminals.

This new access for law enforcement authorities to a biometric database where the fingerprints are kept for 18 months or 10 years according to a discretionary decision enlarges the possibility of remotely control this population.

Furthermore, in light of the developing migratory pressure, there is, yet, another proposal for a recast Eurodac regulation, currently under examination by the Civil Liberties, Justice and Home Affairs (LIBE) Committee of the European Parliament. The new proposal allows law enforcement authorities to access Eurodac data for the purposes of preventing, detecting and investigating serious crimes and terrorism. It further gives them the opportunity to track secondary movements within the EU and strengthen the EU’s return policy.

With regard to personal data, the new proposal introduces the obligation to store data on names, nationalities, place and date of birth, as well as facial images in addition to fingerprints. Eurodac will not be an anonymous database anymore. What is more, the fingerprinting age is lowered from 14 to 6 years old.

The purpose and the scope of application of the Eurodac Regulation have been continually broadened since its creation. However, this did not come with increased awareness of the rights of third country nationals despite clear provisions that they can access the database to check whether their name is included. For example, in 2014 only 26 third country nationals exercised their right of access the database, out of more than 600.000 new fingerprints inserted that year and a total of 2.707.338 set of fingerprints stored in the database by the end of December 2014. The situation did not change in 2015. Only 89 third country nationals requested access, out of more than 1,915,838 new fingerprints inserted and a total of 4,076,408 set of fingerprints stored.

Data protection is a fundamental right but the possibility to effectively exercise this right does not seem possible for asylum seekers and border crossers in Europe. Instead, they are treated as potential criminals, and their data are kept well beyond the time needed for the administrative and purely migration-management purposes for which they were collected. Data are certainly collected lawfully but the purpose of their collection and use changes over time. However, as presented with evidence above, Eurodac is a formal legality which does not exclude the absence of a substantial illegality.

Any comments about this post? Get in touch with us! Send us an email, or post a comment here or on Facebook. You can also tweet us.


How to cite this blog post (Harvard style)

Ferraris, V. (2017) Economic Migrants and Asylum Seekers in Ten Fingers: Some Reflections on Eurodac and Border Control. Available at: (Accessed [date]).