The European Commission wants to negotiate an agreement that would allow US authorities direct access to police-stored fingerprints and facial images in Europe. Potentially, all travelers could be affected by such queries – and people in need for protection.
At the end of July, the European Commission presented a proposal for a mandate to negotiate a framework agreement with the United States for a new transatlantic deal to exchange personal data of citizens. This “Enhanced Border Security Partnership” (EBSP) would allow US border and police authorities to directly access police biometric databases in Europe. Information obtained in this way could then be used for identity verification and security checks at border crossings or for visa applications.
The US government first made this demand in 2022 and sent letters to participating states of the “Visa Waiver Program” (VWP). It currently regulates mutual visa-free travel with 43 countries. Washington threatened that any country refusing the new “Border Partnership” would be excluded from the program.
The requested access is extensive: even within the European Union or the Schengen Area, no member state allows such direct access to its national police databases. At most, access is granted through the “hit/no hit principle”: first, it is checked whether information on a person exists. Afterwards, the authority may request the data set from the other country, potentially including a court order.
Commission wants broad framework
In the EU, the demand for “Border Partnerships” caused a stir three years ago. The Commission then argued that instead of bilateral agreements between the United States and each EU state, a common EU-US framework agreement was necessary. It justified this by stating that Brussels is responsible for all negotiations related to visa policy and data protection – and the EBSP falls under this scope, the Commission explained.
However, the United States does not adhere to the principle of equal treatment within the “Visa Waiver Program,” as enshrined in EU treaties: citizens from Bulgaria, Romania, and Cyprus are still not allowed to travel visa-free to the US. The Commission’s decision not to tie the new US demands to this unresolved visa dispute has therefore drawn criticism. Even if an EU-US framework agreement were concluded, it would not apply to these three countries.
The Commission stresses that the agreement must be reciprocal – meaning European border authorities and police should also gain direct access to police data in the US. However, it is doubtful whether Washington would agree to such a demand. Moreover, there is no nationwide database in the United States comparable e.g. to Germany’s police system for fingerprints and facial images. This INPOL database currently holds searchable photos of 5.4 million people – data that the US government is also targeting.
Vague category: “Migration contexts”
Initially, it was said that US authorities primarily wanted access to fingerprints and facial images of people traveling from a VWP state to the United States or applying for asylum there. But the agreement apparently goes much further: according to the Commission’s proposed negotiation guidelines, the exchange would also cover “individuals encountered by Department of Homeland Security law enforcement in a border and immigration context in the US.”
This third category is particularly vague. In practice, it could include anyone coming under the jurisdiction of the Department of Homeland Security – whether during a border check, an arrest within the country, or in deportation proceedings. While the agreement is supposed to include conditions that must “trigger” a query, the wording allows significant leeway. The Commission explicitly wants to exclude only routine mass queries of all travelers.
In the EU, the General Data Protection Regulation and the Police Directive govern the processing of personal data. For police cooperation with the US, there is an “Umbrella Agreement,” but it does not apply to the EBSP: it only regulates cooperation for law enforcement purposes, not for visa- or border-related matters. The new framework agreement would therefore need to specify categories, purpose limitations, and protective mechanisms in detail.
For the concrete implementation of the framework agreement, individual EU states could then conclude additional bilateral agreements with the US – for example, defining the technical processes for accessing national police databases or designating responsible authorities.
Trump increases pressure
The demand for a “Border Partnership” with all VWP states dates back to the Biden administration. Under the new president Donald Trump, it has gained a new dimension: reports are increasing of US immigration authorities using data from various agencies and police forces, as well as software from Palantir, to actively hunt migrants – even travelers from EU states are not spared. With direct access to fingerprints and facial images in Europe, this apparatus would gain substantially more data for its dragnet searches aimed at a brutal migration control.
There is little time left for civil rights or data protection initiatives to mobilize against the mandated “Enhanced Border Security Partnership”: the deadline for concluding a bilateral agreement between the US and each VWP state is December 31, 2026. It is not yet certain whether the European Commission will receive the proposed negotiation mandate for a framework agreement. After the summer break, member state governments are set to vote on the matter.
Leave a Reply