01 September 2016
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
The EU's Visa Information System, which collects the fingerprints, photographs and personal details of every person over the age of 12 who applies for a short-stay Schengen visa, has expanded rapidly since its launch in October 2011. A recent official report on the system says that by the end of September 2015 just over 17 million records had been entered into the system since its launch, and that plans to expand the system's total capacity to 60 million records - up from the current 24 million - were in place.
See: eu-LISA, 'Report on the technical functioning of the VIS', July 2016 (pdf)
The report, produced by the EU's Agency for Large-Scale IT Systems (eu-LISA) and published at the end of July, covers the period 1 September 2013 to 30 September 2015.
Member States of the EU connected to VIS are: Austria, Belgium, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Slovenia, Slovakia, Spain and Sweden.
Associated Countries connected to VIS are: Iceland, Liechtenstein, Norway and Switzerland. The EU Member States Romania, Bulgaria, Cyprus and Croatia are not yet connected to the system, as they are not yet part of the Schengen area.
Between September 2013 and September 2015 the system has grown significantly in size, due to its gradual introduction into new parts of the world. [1]
As the report puts it:
"In the reporting period over 13 million registered applications were processed resulting in more than 11.7 million visas issued. The number of visa applications processed in the month of September 2015 - when VIS was rolled out in 18 regions out of 23 - represents an increase of 160% compared to the amount registered at the beginning of the reporting period, in September 2013 when VIS was rolled out in 8 regions; whereas the amount of visa issued increased by 200%."
By December 2015, when the VIS had been "rolled out" in all 23 regions of the world, the VIS central database contained some 20 million records. In September 2015 a project was launched to increase the size of the database from the current capacity of 24 million records, to a new total of 60 million records. At its peak, it is expected that the system will hold the personal data of 80 million visa applicants. It has recently been proposed that the lower age limit for fingerprinting visa applicants be lowered from 12 to 6. [2]
Asylum
The report notes that: "As from the summer of 2015 an increase of the asylum related activities and checks within the territory were observed." As set out in Article 21 of the VIS Regulation, national authorities are allowed to check asylum-seekers' data against that held in the VIS, to see if they have previously applied for or received a visa - if so, the Member State which issued it is responsible for examining their asylum application.
The report says, unsurprisingly:
"The substantial increase of usage of the VIS for asylum purposes is visible in particular as from the 2015 summer. The number of searches related to asylum in the last reported month, September 2015, shows an increase of 355% compared to the total searches executed in the first reported month (September 2013); the increase was of 365% for the identifications performed for asylum purposes."
The Member States conducting most of the searches for asylum purposes were:
A number of Member States also "started using VIS regularly for searches related to asylum" during the reporting period: from November 2014, Austria; from August 2014, France; from May 2014, Lithuania; from March 2015, Norway; and from July 2015, Belgium.
Furthermore, "the big majority of identifications for asylum purposes were performed by few Member States":
During the reporting period three Member States started the system to identify asylum applicants: Denmark from May 2014, Norway from March 2015 and Belgium from June 2015.
The number of successful identifications ("hits") increased by 172% between September 2013 and 2015. The issue of using the VIS to identify asylum applicants and track previous visa applications has been discussed previously be Member States after concerns were raised by Sweden. [3]
Checks at the border…
During the reporting period, 66% of the operations using the VIS took place at borders (for identity and visa validity checks). 30% of operations took place at consular posts (for visa applications).
Since 11 October 2014, it has been mandatory to use visa-holders' fingerprints to verify their identity at external border crossings. In August 2015, 2.7 million "border verifications" were carried out by Member States, although this is just a small number of the total.
During the reporting period, over 51 million "first line checks" and over 6 million "second line checks" were carried out by Member States' border control authorities. First line checks are those to which all travellers are subjected - i.e. examination of passports and identity cards - whereas second line checks are further checks "which may be carried out in a special location away from the location at which all persons are checked". [4]
Comparing September 2015 to September 2013, there was an almost-90% increase in the number of second line checks carried out, according to eu-LISA's report. One unnamed Member State was identified as undertaking "a practice not fully in line" with the VIS Regulation, by making systematic second line checks on all visa holders.
Such checks should only be performed "in those cases where verification fails or where there are doubts as to the identity of the visa holder". The report says:
"Following investigations and discussions between the relevant Member State and eu-LISA, actions were taken at national level to correct the practice as from April 2015. The incorrect practice had an impact on the figures reported."
...and beyond
Member States can also check individuals against the information held in the VIS within their territories. Article 19 of the VIS Regulation allows searches of the central database using the visa sticker number and/or an individuals' fingerprints: "For the sole purpose of verifying the identity of the visa holder and/or the authenticity of the visa and/or whether the conditions for entry to, stay or residence on the territory of the Member States are fulfilled".
For now this power does not seem to be used widely, although it is increasing:
"Austria, Belgium, the Czech Republic, Greece, Iceland, Latvia, Lithuania, Luxembourg, Norway, Portugal, Slovenia, Spain and Sweden did not perform any verification within the territory as per Article 19 of the VIS Regulation during the reporting period; whereas Denmark, Estonia, France, Liechtenstein, Malta and the Netherlands performing very limited amount of verifications. 76% of the total verifications performed within the territory in the whole reporting period were done by Switzerland. Comparing the monthly data from September 2015 with September 2013, the amount of verifications increase in 46%."
Meanwhile, Article 20 of the VIS Regulation says that fingerprint searches can be carried out "for the purpose of the identification of any person who may not, or may no longer, fulfil the conditions for the entry to, stay or residence on the territory of the Member States".
The use of this power has grown significantly:
"Comparing the monthly data from September 2015 to September 2013, the amount of identifications increased by over 370%. Together with the average increase in the usage of this functionality by Member States already using it in the previous reporting exercise, 10% of the total identifications were executed by three new users in only a couple of months as from spring/summer 2015. Norway started performing identifications in March 2015 accounting for almost 2.5% of the total identifications for the whole period; Austria started in May 2015 and accounted for over 5% of the total identifications in the reporting period, Belgium started using the functionality in June 2015 accounting for almost 2% of the total identifications for the whole period."
Law enforcement access
Since 1 September 2013 designated national law enforcement authorities and Europol have had access to data held in the VIS central database if they can prove it is necessary for the prevention, detection or investigation of terrorist offences or other serious criminal offences; if it is necessary in a specific case; and if there are reasonable grounds to believe that consultation of data in the VIS will "substantially contribute to the prevention, detection or investigation of any of the criminal offences in question." [5]
By September 2015 there were 135 access points across the EU for law enforcement agencies, and "the estimated number of VIS end-users… is over 1,200." However: ""France, Italy, Portugal and Sweden did not report to eu-LISA their designated access points and also did not report any end-users."
Only a minority of Member States' law enforcement agencies have so far made use of the system:
"By the end of September 2015, eleven Member States reported having performed a total of 9,474 searches by law enforcement authorities in accordance with the VIS Decision: the Czech Republic, Estonia, Finland, Germany, Greece, Hungary, the Netherlands, Poland, Slovenia, Spain and Switzerland. Finland, the Netherlands and Slovenia reported very limited usage of VIS for law enforcement purposes, with less than 15 searches each. Over 38% of the whole searches were executed by Germany, followed by Hungary with almost 26%, Poland with almost 14% and Spain with 11% of the total."
Meanwhile:
"Norway, Portugal and Sweden have reported that technical solutions allowing the usage of VIS pursuant to the VIS Decision were not in place during the reporting period. On the other hand twelve Member States - Austria, Belgium, Denmark, France, Iceland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta and Slovakia - did not report any activity on the usage of VIS pursuant to the VIS Decision for the purpose of this report."
Annex VI attached to eu-LISA's report gives more information on the number of access points and end-users for national law enforcement authorities. Access granted to the system in Estonia dwarfs all other Member States - the Baltic country has seven access points, which is not particularly high, but has 569 end-users. In second place is Norway with two access points and 206 users.
Quality control
The report also contains some interesting statements regarding the quality of captured fingerprints:
"With the corrective and adaptive maintenance release deployed end 2014, an important novelty was introduced in BMS [biometric matching system] consisting in removing the quality limitations for fingerprints at central level. As of October 2014, the BMS has allowed the insertion and usage (for checks at the borders) of all fingerprints provided by the Member States."
A footnote continues:
"In practice this novelty - technically called zero failure to enrol - changed the behaviour of BMS to a big extent as fingerprints not passing the quality check were no longer rejected. Prior to the deployment some accuracy concerns arose about the quality of future fingerprints to be stored in the database. To mitigate this, the Agency worked together with Member States to introduce a new feature which would provide warning messages in case of quality check not passed."
Sources
[1] See: European Commission, 'Adopted legislation - VIS roll out schedule'
[2] 'EU calls for the fingerprinting of 6-year-old children', Statewatch News Online, April 2016
[3] NOTE from: General Secretariat of the Council, 'Use of the VIS with a view to handling asylum cases', 6747/15, 3 March 2015 (pdf)
[4] Article 2(12), Schengen Borders Code
[5] Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.