EURODAC is a European Union (EU) fingerprint database established
in 2013, for the purposes of identifying asylum seekers and irregular
border-crossers. It facilitates the judicious and transparent receipt and
processing of asylum applications from those who may need the protection
afforded by Europe. It helps Member States to determine responsibility for
examining an asylum application by comparing fingerprint datasets.
The system is mainly comprised of a Central System, which
contains the database, and a communication infrastructure between the Central
System and Member States that provides a dedicated encrypted virtual network.
The EURODAC System is mainly used with regards to three
different categories of persons:
Ø
Category 1: asylum seekers;
Ø
Category 2: persons apprehended in connection
with the irregular crossing of an external border irregularly and were not
turned back; and
Ø
Category 3: persons found illegally present in a
Member State.
All 27 Member States and Iceland, Norway, Liechtenstein and
Switzerland have access to EURODAC. In Malta, the authority designated to have
access to data recorded in the Central System is the Eurodac Office within the
Malta Police Force.
Legal Basis
The processing of personal data in the EURODAC System is
based on:
Regulation (EU) No 603/2013 of the European Parliament and
of the Council of 26 June 2013 on the establishment of 'Eurodac' for the
comparison of fingerprints for the effective application of Regulation (EU) No
604/2013 establishing the criteria and mechanisms for determining the Member
State responsible for examining an application for international protection
lodged in one of the Member States by a third-country national or a stateless
person and on requests for the comparison with Eurodac data by Member States'
law enforcement authorities and Europol for law enforcement purposes, and
amending Regulation (EU) No 1077/2011 establishing a European Agency for the
operational management of large-scale IT systems in the area of freedom, security
and justice (‘EURODAC Regulation’).
Personal data processed in the EURODAC System
Category 1
The data collected on asylum seekers (over 14 years old)
are:
·
fingerprint data
·
Member State of origin, place and date of the
application for international protection
·
sex
·
reference number used by the Member State of
origin
·
date on which the fingerprints were taken
·
date on which the data were transmitted to the
central system
·
operator user ID
Category 2
Data collected on persons apprehended in connection with the
irregular crossing of an external border (over 14 years old) are:
·
fingerprint data
·
Member State of origin, place and date of the
apprehension
·
sex
·
reference number used by the Member State of
origin
·
date on which the fingerprints were taken
·
date on which the data were transmitted to the
central system
·
operator user ID
Data can only be recorded and processed in the system if the
data subject is over 14 years old and he/she was not turned back.
Category 3
Data processed on persons found illegally staying in a
Member State (over 14 years old) are:
·
fingerprint data
·
reference number used by the Member State of
origin
In this case, the transmission takes place only to check
whether the person concerned has previously lodged an application for asylum in
another Member State(s), and if so, when. These data are not stored in the
system.
Use of data stored in the EURODAC System
EURODAC data is used for the purpose of facilitating the
effective application of the Dublin Regulation1.
The latter establishes the Member State responsible for the examination of the
asylum application. The criteria for establishing responsibility run, in
hierarchical order, from family considerations, to recent possession of visa or
residence permit in a Member State, to whether the applicant has entered EU
irregularly, or regularly.
However, the EURODAC Regulation also allows Member States'
law enforcement authorities and Europol to compare fingerprints where such comparison
is necessary for the purpose of the prevention, detection or investigation of
terrorist offences or of other serious criminal offences.
The EURODAC Regulation allows such checks under strictly
controlled circumstances and subject to specific safeguards, in particular, by
including a requirement to check all available fingerprint databases first and
limiting searches only to the crimes punishable by imprisonment for a maximum
period of at least three years.
Such checks may only take place if approved the Data
Protection Officer following an independent assessment and verification process
of a request in accordance with Article 19 of the EURODAC Regulation. Such
process ensures that the requirements set out by the law are complied with.
Retention Period
The personal data stored in the EURODAC database is only for
Category 1 and Category 2. No data is stored when a check with regards to
Category 3 is performed.
Category 1
These data are stored in the system for ten (10) years, and
then they are automatically erased. If an asylum seeker acquires the
citizenship of any Member State the data shall be erased immediately.
If a Member State grants international protection (refugee
status or subsidiary protection) to an asylum seeker, his/her data shall be
marked in the central database based on the Member States’ instructions.
Category 2
These data are
stored in the system for eighteen (18) months, unless the data subject has
acquired the citizenship of any Member State, has been issued with a residence
document by a Member State or has left the territory of the Member States. In
these cases data shall be erased from the system as soon as possible.
What are your rights in relation to your personal data processed in the EURODAC
System?
Personal data processed in the EURODAC System is regulated
by the Regulation (EU) 2016/679 of the European Parliament and of the Council
of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and
repealing Directive 95/46/EC (General Data Protection Regulation).
Any person has the right to:
-
request access to personal data relating to
him/her stored in the EURODAC System
-
request the correction of factually inaccurate
personal data relating to him/her or the deletion of his/her personal data in
the case of unlawfully stored information
-
the right to lodge a complaint with the
Information and Data Protection Commissioner (IDPC) or to request verification
of lawfulness of the processing
In order to facilitate the exercise of your rights and to be
able to handle the request more efficiently, you are solicited to use the model
letter found on the left side of this page.
Also note that since only fingerprint data are processed on
the Eurodac System, you will be required to physically attend at the Eurodac
Office in order for your fingerprints to be scanned and compared with the
Eurodac System Database. Your fingerprint data will not be stored.
For
more information about your rights click here.
Regulation (EU) No 604/2013 of the European Parliament and of the Council of 26
June 2013 establishing the criteria and mechanisms for determining the Member
State responsible for examining an application for international protection
lodged in one of the Member States by a third-country national or a stateless
person.