In a mid-May (2018) press release, the European Commission announced some proposed changes to its computerised Visa Information System (VIS) and the associated data storage policy. Here, we examine the workings of the VIS and its role within the European Travel Information and Authorisation System (EU ETIAS). We also consider how the changes could affect travellers who make an ETIAS application for travel to the European Visa area.
Background Checks on EU ETIAS Applications
In the ETIAS news announcement, EC officials detailed their proposals for hardware and software upgrades. After the subsequent testing phase is complete and when the reforms have come into effect, state authorities will be able to use the shared system to check visa applications more easily and effectively than before – including wider crosschecks against other European immigration and security databases.
Apart from visa-issuing authorities, the increased efficiency delivered by the updated VIS will also benefit border guards within the zone. Staff at passport control booths will be able to verify travellers’ identities more rapidly, thus easing queues during busy periods. In principle, the powerful IT system will be available to all twenty-two Schengen EU member states, along with a further four associated with the Schengen zone: Iceland, Liechtenstein, Norway and Switzerland.
The European Union's large-scale IT system authority, eu-LISA, is responsible for the day to day operational management of the VIS.
Border Protection for Schengen Visa Countries
Currently, the VIS holds ETIAS application records for short-term Schengen Visa and data captured from applicants’ details. However, the new proposals will add information from long-term visas, residency permits and the corresponding applications to the data sources. At a stroke, therefore, law enforcement agencies will have extensive and timely access to details that will assist in their crime prevention, protection and investigation roles. In combination, this improved flow of information should boost anti-terrorism measures throughout European visa countries.
Notably, the planned changes are not set to affect the United Kingdom directly, since it is not a party to the Schengen zone agreement. Nor will Bulgaria, Croatia, Cyprus, Ireland and Romania participate directly in the changes to the visa system, as these five EU countries do not form part of the Schengen area.
Data Protection and Privacy
According to the EC website, the beefed-up VIS will comply with legislation and respect individuals' privacy. The system will follow the data protection by design approach.
If the volume of processed data is anything to go by, the planned increase in VIS processing power should prove valuable. According to a fact sheet issued by the EC, the computer system currently stores data relating to more than 55 million travel applications as well as 37 million corresponding sets of fingerprints, facial images and other personal information. These details stay on file for at least five years from visa expiry or refusal dates.
Data Processing Power
Border control staff and national police forces will continue to use the VIS to detect arriving visitors who might pose security risks, thereby preventing such individuals from going unnoticed. The upgraded system should be fully interoperable with other European IT systems and will make the most of recent technological developments. In total, the enhanced hardware and software could handle up to 80 million annual applications for short stay visas within the Schengen area.
Current agreements allow the following authorities and organisations access to VIS data:
- Border guards.
- Visa administration departments.
- Asylum administration officials.
- Migration control and law enforcement.
- Individual European member state police forces.
A key feature of the VIS is its use of fingerprint matching techniques to check that travellers who present a visa document are indeed its authorised holder. At Schengen country borders, electronic fingerprint scanning will check individuals arriving at passport control desks against the biometric details held on file. An apparent mismatch will trigger further investigation.
The system holds ten fingerprint images for every registered adult and teenager on its files, though children under twelve years of age and those people who are not physically able to supply such print impressions are exempt from this requirement. Frequent travellers are required to provide fingerprint scans once every five years; conveniently, existing applicants' records can support subsequent applications for multiple short-term visas within this period.
Reportedly, the increased speed and power of the new computing configuration will make it more effective at preventing visa shopping, the practice of applying to other states for visas if a different EU country has previously rejected a similar application. Finally, crime prevention experts also hope that the system will offer travellers improved protection against identity theft.