What will be the ETIAS Data Retention Policy?

What will be the ETIAS Data Retention Policy?


Internet security and the possibility of personal information and data being stolen and misused is one of today’s hot topics. Every online form or questionnaire will most likely require some personal data from the form-filler and that can include sensitive information such as a medical history or financial details. Even seemingly innocuous things such as a home address, email address or date of birth can be mined by internet hackers and possibly used for criminal purposes. Fraud, identity theft and illegal money transfers are some of the possible outcomes when personal data falls into unscrupulous hands and storing this data safely is of the utmost importance.

With the launch of the ETIAS in 2021, travel arrangements to and from Europe are set to change for individuals travelling visa-free to EU Member States. Travellers wishing to use an ETIAS must submit their data via an online form online. This, of course, means that the applicant’s personal details must be stored in European databases and subject to the inherent risks attached to all information stored on the internet. This article provides information on what information is stored, who has access as well as the duration of time an applicant's data is stored for the purposes of an ETIAS application.

Data Access

The online form for ETIAS approval will require the applicant to supply personal details as well as information relating to work, travel plans, health and criminal history if applicable. It is expected that around 95% of all applications will be automatically passed while those that fail may be submitted for appeal. Such appeals will be handled by an ETIAS National Unit in those countries that are members of the scheme. For “third country” nationals (those who are citizens of a country outside the European Union) the applicant’s details are sent directly to the ETIAS Central Unit which will operate on a 24/7 basis. These two bodies will be responsible for collecting and assessing the information and rendering a decision on whether to approve the application or not.

  • ETIAS National Units. These units will be responsible for handling failed applications and conducting a manual risk assessment of the applicant and then endorsing or reversing the decision. National Units will also provide information regarding the appeal process.
  • ETIAS Central Unit. The Central Unit will be the storage and clearance centre for all information and data submitted by applicants. To be managed and run by the European Border and Coast Guard Agency, the Central Unit’s functions include:
  1. Ensuring data recorded and stored is up to date and correct
  2. Verifying an applicant’s identity and information supplied in the application
  3. Evaluating and revising specific risk and security issues or indicators
  4. Monitoring the management of applications with regard to privacy, fundamental rights and data protection

Data Sharing

Once an applicant’s information is verified and stored in the Central Unit it can be accessed by an array of security agencies and checked against their databases. These include:

  • The Visa Information System (VIS)
  • The Schengen Information System (SIS)
  • The Entry/Exit System (EES)
  • Eurodac
  • Europol
  • Interpol

Although the various European law enforcement agencies can request access to the ETIAS Central Unit’s database, this will only be granted under strictly defined conditions. These include the investigation, detection or prevention of terrorist or other serious criminal offences.
ETIAS will also assemble its own dedicated watch list covering specific risk indicators to enhance and improve the European Union’s border and internal security and this list will be made available to all relevant security agencies.

Data Storage, Security and Retention

All information and data collected for ETIAS purposes will be stored on secure, state of the art, encrypted computers at the ETIAS Central Unit. Access will be granted to European law enforcement agencies but the level of access will be limited to just the relevant information and not the entire data of the applicant.
ETIAS, as proposed by the European Commission, is fully compliant with the Charter of Fundamental Rights including the highest possible standard of data protection. All data stored will be maintained for the shortest time possible and this time limit currently stands at:

  • The three year period of validity of the ETIAS authorisation, or
  • Five years following refusal, revocation or annulment of the authorisation

Personal data may also be stored for an additional period of up to three years following the expiry date but this will require the express consent of the applicant. This extended period is to facilitate any new application for renewal that may be submitted and permission to retain personal data may be withdrawn by the applicant at any time during the three year extension period. If consent is withdrawn the data held and application form will be erased immediately.

Once the expiry date (agreed or automatic) is reached, all the applicant’s personal data will be deleted from the ETIAS Central Unit’s system and the original application form deleted within the following seven days.

ETIAS Operational Security

The operation of ETIAS will be under the control of eu-Lisa, the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice. Already responsible for the operation of the Schengen Information System (SIS), Eurodac and the Visa Information System (VIS), the eu-Lisa agency is currently developing and fine tuning the ETIAS application process as well as creating the ETIAS website and a mobile app.

With a proven track record in the creation, maintenance and management of large IT systems, eu-Lisa will provide training for staff at the ETIAS Central Unit in the areas of an applicant’s fundamental rights, data security and data protection as well as technical use of the new system.