EURODAC is a European Union (EU) fingerprint database established in 2013, for the purposes of identifying asylum seekers and irregular border-crossers. It facilitates the judicious and transparent receipt and processing of asylum applications from those who may need the protection afforded by Europe. It helps Member States to determine responsibility for examining an asylum application by comparing fingerprint datasets.
The system is mainly comprised of a Central System, which contains the database, and a communication infrastructure between the Central System and Member States that provides a dedicated encrypted virtual network.
The EURODAC System is mainly used with regards to three different categories of persons:
Ø Category 1: asylum seekers;
Ø Category 2: persons apprehended in connection with the irregular crossing of an external border irregularly and were not turned back; and
Ø Category 3: persons found illegally present in a Member State.
All 27 Member States and Iceland, Norway, Liechtenstein and Switzerland have access to EURODAC. In Malta, the authority designated to have access to data recorded in the Central System is the Eurodac Office within the Malta Police Force.
Legal Basis
The processing of personal data in the EURODAC System is based on:
Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (‘EURODAC Regulation’).
Personal data processed in the EURODAC System
Category 1
The data collected on asylum seekers (over 14 years old) are:
· fingerprint data
· Member State of origin, place and date of the application for international protection
· sex
· reference number used by the Member State of origin
· date on which the fingerprints were taken
· date on which the data were transmitted to the central system
· operator user ID
Category 2
Data collected on persons apprehended in connection with the irregular crossing of an external border (over 14 years old) are:
· fingerprint data
· Member State of origin, place and date of the apprehension
· sex
· reference number used by the Member State of origin
· date on which the fingerprints were taken
· date on which the data were transmitted to the central system
· operator user ID
Data can only be recorded and processed in the system if the data subject is over 14 years old and he/she was not turned back.
Category 3
Data processed on persons found illegally staying in a Member State (over 14 years old) are:
· fingerprint data
· reference number used by the Member State of origin
In this case, the transmission takes place only to check whether the person concerned has previously lodged an application for asylum in another Member State(s), and if so, when. These data are not stored in the system.
Use of data stored in the EURODAC System
EURODAC data is used for the purpose of facilitating the effective application of the Dublin Regulation1. The latter establishes the Member State responsible for the examination of the asylum application. The criteria for establishing responsibility run, in hierarchical order, from family considerations, to recent possession of visa or residence permit in a Member State, to whether the applicant has entered EU irregularly, or regularly.
However, the EURODAC Regulation also allows Member States' law enforcement authorities and Europol to compare fingerprints where such comparison is necessary for the purpose of the prevention, detection or investigation of terrorist offences or of other serious criminal offences.
The EURODAC Regulation allows such checks under strictly controlled circumstances and subject to specific safeguards, in particular, by including a requirement to check all available fingerprint databases first and limiting searches only to the crimes punishable by imprisonment for a maximum period of at least three years.
Such checks may only take place if approved the Data Protection Officer following an independent assessment and verification process of a request in accordance with Article 19 of the EURODAC Regulation. Such process ensures that the requirements set out by the law are complied with.
Retention Period
The personal data stored in the EURODAC database is only for Category 1 and Category 2. No data is stored when a check with regards to Category 3 is performed.
Category 1
These data are stored in the system for ten (10) years, and then they are automatically erased. If an asylum seeker acquires the citizenship of any Member State the data shall be erased immediately.
If a Member State grants international protection (refugee status or subsidiary protection) to an asylum seeker, his/her data shall be marked in the central database based on the Member States’ instructions.
Category 2
These data are stored in the system for eighteen (18) months, unless the data subject has acquired the citizenship of any Member State, has been issued with a residence document by a Member State or has left the territory of the Member States. In these cases data shall be erased from the system as soon as possible.
What are your rights in relation to your personal data processed in the EURODAC System?
Personal data processed in the EURODAC System is regulated by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Any person has the right to:
- request access to personal data relating to him/her stored in the EURODAC System
- request the correction of factually inaccurate personal data relating to him/her or the deletion of his/her personal data in the case of unlawfully stored information
- request restriction of processing of their personal data according to law
- the right to lodge a complaint with the Information and Data Protection Commissioner (IDPC) or to request verification of lawfulness of the processing
In order to facilitate the exercise of your rights and to be able to handle the request more efficiently, you are solicited to use the model letter found on the left side of this page.
Also note that since only fingerprint data are processed on the Eurodac System, you will be required to physically attend at the Eurodac Office in order for your fingerprints to be scanned and compared with the Eurodac System Database. Your fingerprint data will not be stored.
For more information about your rights click here.
Regulation (EU) No 604/2013 of the European Parliament and of the Council of 26 June 2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person.