The U.S. is demanding automated access to biometric police and asylum data in EU states. Also Trump’s infamous anti-migrant-militia ICE could use the fingerprints and facial images. Nevertheless, the Commission is starting negotiations under high secrecy.
The U.S. government requires all participants in its Visa Waiver Program (VWP) to enter into an “Enhanced Border Security Partnership” (EBSP). The VWP currently allows citizens from more than 40 countries – including 24 of the 27 EU member states – to enter the U.S. without a visa for up to 90 days. In future, however, this privilege is to be tied to new conditions: the U.S. is demanding direct access to national police databases containing fingerprints and facial images from participating states.
Such queries would affect not only travellers, but fundamentally all persons whose data are processed by U.S. border and police authorities. States that refuse to enter into this “border partnership” are to be excluded from the VWP.
Commission receives mandate to negotiate
Even within the European Union, there is no system that allows police authorities of one member state direct access to the national databases of another. In Germany alone, almost six million people could be affected, whose data are stored in the police information system INPOL with facial images and fingerprints. About half of those recorded are asylum seekers or persons required to leave the country.
Shortly before Christmas 2025, the EU member states nonetheless gave the Commission in Brussels the mandate to negotiate a framework agreement with the U.S.. This is intended to establish the general lines for the U.S. data queries. The specific technical, legal, and organisational details must then be regulated in bilateral implementation agreements.
The EU’s negotiating position, however, remains secret. In response to a request under the Freedom of Information Act, the Commission refused access to the relevant document. The reasoning given was that releasing it would “weaken the European Commission’s position in negotiations with the U.S.” and “affect the protection of international relations”.
Serious legal concerns
Criminal law and IT law specialist Jens Ferner criticises the planned framework agreement with the EU extremely. The standards required by the European Court of Justice (ECJ) – a essentially equivalent level of protection, proportionality of surveillance measures, and effective legal remedies – are in “clear tension with the surveillance powers existing in the U.S.”, writes Ferner in a guest commentary for the magazine “Beck Online”.
Ferner points to the “Schrems II” ruling of the ECJ, in which the court declared the EU-U.S. Privacy Shield invalid because U.S. surveillance programmes were not limited to the strictly necessary extent and affected persons had insufficient legal protection. An EBSP granting U.S. authorities “almost immediate online access to biometric police data of millions of people” would not be compatible with the “traditional European understanding of data and fundamental rights”.
A model compatible with EU law would have to provide at least strict purpose limitations and exclude sensitive groups such as witnesses, victims, and professionals bound by confidentiality, says Ferner. Furthermore, an EBSP would need to follow a hit/no-hit principle: first it is queried whether a record exists, and only under strict legal conditions may the data then be transmitted. If these requirements are not met, “legal disputes before constitutional courts and the ECJ are to be expected”.
Infamous U.S. agency ICE could use the data
The exchange in the EBSP is also to include persons encountered in “border and migration contexts”. This could make the data available to the immigration and customs agency ICE. Under President Donald Trump, this agency was massively expanded. With a double-digit billion-dollar budget, one million deportations per year were targeted as a general plan.
Controversial surveillance software from Palantir and other questionable IT tools would be used. Direct access to European police data would significantly strengthen this surveillance and deportation apparatus. This would also have consequences for left-wing political activists, whose biometric data are also stored in national or European systems after identification procedures.
In the autumn, the Trump administration put a supposed German “Antifa Ost” on a terrorism list. Possibly in compliance with the associated sanctions, GLS Bank then closed the accounts of the solidarity organisation “Rote Hilfe“. An EBSP agreement could in this context also lead to individual reprisals when travelling to the U.S..
Deadline expires at the end of 2026
So far, according to public information, only Bahrain has concluded an EBSP agreement with the U.S.. According to the Department of Homeland Security in Washington, it includes the “automated” exchange of biometric data to combat terrorism, organised crime, as well as drug and migrant smuggling.
The EU member states must now decide whether, and under what conditions, they wish to sign such a far-reaching data deal in order to continue visa-free travel under the Visa Waiver Program – or withdraw from it. The deadline set by the U.S. ends on 31 December 2026.
Image: Entry to the U.S. without a visa? New conditions are to be attached in future (Released under a licence similar to public domain via unsplash.com Andres Molina).
Leave a Reply