Eurodac, the EU biometric migration control database, is reaching its capacity limit. However, a political agreement to expand it has not progressed since 2016. Now an immense number of queries by police from Germany come as a surprise.
According to the Dublin Convention, those states are responsible for asylum applications where protection seekers first arrive in Europe. To implement this decision, the then EU states decided 23 years ago to set up the Eurodac database to store fingerprints. Three years later, this “asylum dactyloscopy database” went into operation. The Schengen states Norway, Switzerland and Iceland are also involved.
The 20-year-old system can store seven million entries, now it is reaching its capacity limit: in 2022, Eurodac contained biometric data of 6.5 million people, up from 5.8 million the previous year. Compared to 2021, the system’s queries also increased by 73 per cent. This is according to a recent report by eu-LISA, the agency for the operational management of large-scale IT systems. It is responsible for the organisation of the Eurodac central system and publishes statistics on it annually. According to the report, maximum utilisation could be reached between the end of 2023 and the beginning of 2024.
Temporary decline due to Corona and Brexit
The significant increase in entries in Eurodac is due to the increased arrivals of asylum seekers after the Corona crisis, which, like the UK’s Brexit, had caused a temporary drop in use of 30 per cent from 2020. Refugees from the Ukraine war also initially brought an increase, but this dropped with the EU directive on temporary protection for Ukrainians in March 2022. According to this, they will no longer be recorded as asylum seekers in Eurodac.
According to the current report, the average daily Eurodac traffic increased after the outbreak of war last year from around 3,000 records and queries in January to 5,000 in March, even reaching a peak of 9,500 transactions in the meantime.
With 26 per cent, most activity in the Eurodac system comes from Germany, followed by Italy, France, Austria and Spain. These five countries accounted for 67 percent of all transactions – i.e. storage and queries – last year.
“Detection of unauthorised movements”
Those stored in the Eurodac central system are divided into three categories. As “Category 1”, all refugees who apply for asylum on arrival in a Schengen state must be registered within 72 hours. Minors over the age of 14 must also provide their fingerprints for this purpose. An Automatic Fingerprint Identification System (AFIS) is then used to check whether this person is already registered as an asylum seeker in another country. In 22 per cent of the cases, these queries resulted in a hit in 2022.
All third-country nationals or stateless persons are entered in “Category 2” if they have obviously crossed the external border of a Schengen country irregularly upon arrival in Europe, for example without possessing a visa.
Finally, “Category 3” was established in 2017 for persons who are found by the police in a Schengen state without a residence permit. During this check for the “detection of unauthorised movements” of refugees, no data is stored in the Eurodac central system, but queries are made. In case of a hit, the persons concerned can be asked or forced to return to the state in which they filed their asylum application.
Children should also provide biometric data
With the so-called refugee crisis, the EU Commission proposed far-reaching changes to Eurodac in 2016. Children from the age of six should also have to give their fingerprints. Also, more personal data of the asylum seekers would be stored, including their facial image. The new draft was part of the reform of the entire EU asylum system, which, however, has been treading water ever since.
However, the negotiations of the EU states with the Parliament on this new Eurodac proposal are blocked. Initial negotiations with the Parliament had taken place this year, but were put on hold by MEPs as of June. The background to this is a “Crisis Regulation” planned by the Commission, which also introduces tighter measures for asylum seekers through the back door.
Components are “reaching the end of their lifecycle”
Notwithstanding the political deadlock, eu-LISA started “two major modernisation measures” for Eurodac last year. According to the annual report for 2022, the architecture and components of the system are “reaching the end of their lifecycle”.
The software and hardware will therefore be renewed and the storage capacity of the system increased to 9 million data records. The “throughput capacity” is to be raised to 24,000 daily transactions. However, the upgrade planned for this year has been postponed “caused by the global supply chain shortages”, the eu-LISA report says.
In principle, however, eu-LISA says the system is running stably and was almost 100 per cent available during the 365 days of last year. In May, a malfunction of the mail server caused an almost two-hour outage, and in October, Eurodac was unable to process “fingerprint-related transactions” for more than four hours. The agency cites an incorrect configuration in a member state as the main cause.
Bavarian police use asylum file for “cold case” investigations
Since 2015, police authorities have also been allowed to use the Eurodac system for law enforcement and security purposes and to search the fingerprints it contains in order to solve or prevent terrorist or other serious crimes. It is possible to query this “category 4” with data from the identification service treatment, but also with fingerprints found at crime scenes. In this case, the system provides a set of best matching candidates of possible matches.
A total of 1,491 searches were carried out in Eurodac’s “Category 4” in 2022, more than double the previous year’s figure. 98 per cent of these searches came from police authorities in Germany.
Clara Bünger, member of the Bundestag, asked the Ministry of the Interior about the reasons for this conspicuous distribution. According to the answer, the Bavarian State Criminal Police Office is responsible. In 2022, it had carried out a total of 1,261 queries in Eurodac. Most of these were searches for “cold cases” to solve homicides.
111 false hits
The Bavarian hit rate in “Category 4”, however, was only 0.4 per cent. “Due to the nature of the matter, a low clearance rate must be assumed here,” explains the Federal Ministry of the Interior regarding the old case queries from Bavaria. “The extremely low number of hits underlines the fact that the opening of Eurodac for access by the security authorities in 2015 was simply superfluous,” comments Bünger, a politician from the Left Party, to netzpolitik.org. The function “clearly does not contribute” to solving serious crimes or increasing the security of citizens.
Without the “cold cases”, however, this rate was much higher in the previous year. German authorities had conducted a total of 55 fingerprint searches in 2021, finding 21 matching entries in Eurodac. In 2022, law enforcement authorities from all participants in the fingerprint file produced 30 hits.
However, Eurodac also generates false hits: in 2022, 111 incidents were reported to eu-LISA from the member states in all categories, the statistics state.
Bünger also criticises Eurodac in principle. The database would empower the authorities to “interfere even more deeply than before with the fundamental rights of refugees”. Therefore, the collection of data on refugees and the authorities’ access rights to it must be restricted again, she said.