About Eurodac
On 15 June 1990, the signatories of the Dublin Convention decided to set up a system to prevent asylum applications from being lodged in more than one of its Member States.
On 1 January 2014, the third generation of the Dublin Regulation, Regulation (EU) No 604/2013 of the European Parliament and of the Council (Dublin III Regulation), which is still in force, entered into force. This Regulation and its implementing Regulation (Commission Regulation (EC) No 1560/2003, as supplemented and amended by Commission Regulation (EU) No 118/2014) form the basis of the "Dublin procedure".
The range of countries applying the Dublin procedure (32 European countries in total) is wider than both the Schengen area and the European Union.
According to the Dublin Regulation's settling principle, the responsibility for examining an asylum application lies with the Member State which has played the greatest role in allowing the applicant to enter the territory of the Member States, either legally or illegally. However, the principle of family unity and the additional rights granted to unaccompanied minors must be taken into account.
The Dublin Regulation provides for a broad right to information for persons. Adequate information on the Dublin procedure is provided in the form of common information booklets prepared by the European Commission and supplemented by Member States with specific information for each Member State. Further information on the procedure can be found on the website of the Directorate-General for Aliens
As asylum seekers and irregular migrants are in most cases not in possession of a valid travel document or other means of identification, fingerprinting is an essential element in establishing the exact identity of these persons.
In order to ensure the effective application of the Dublin Convention, Member States have established the so-called "Eurodac" system for the comparison of fingerprints by Council Regulation (EC) No 2725/2000 of 20 July 2000 concerning the establishment of "Eurodac" for the comparison of fingerprints, which was replaced by Regulation (EU) No 603/2013 of the European Parliament and of the Council of 20 July 2015. Eurodac (European Dactylographic Comparison system), which enables the countries applying the Dublin Regulation to establish, by comparing the fingerprints stored in the system, whether a foreign national who is illegally staying and/or applying for asylum in one Member State of the "Dublin area" has previously applied for asylum in another Member State or whether he/she has entered the area illegally. On the basis of the comparison of fingerprints, Member States are able to determine which Member State is entitled and obliged to take asylum or aliens proceedings against the person concerned.
Eurodac consists of a central unit within the European Commission with a central computerised database for the comparison of fingerprints and a system for the electronic transmission of data between the Member States and the database, through which Member States send data to the central system.
Data processed in the Eurodac system
Three categories of data subjects determine the data processed in the Eurodac system. The possible data subjects are:
- Category 1: persons who have applied for asylum in a Member State;
- Category 2: persons apprehended for having illegally crossed the external borders of the Member States and who have not been returned;
- Category 3: persons illegally present on the territory of a Member State
The following personal data of each data subject are processed:
1. Asylum seekers (aged 14 and over)
- from 14 years of age (from 14 to 14 years) fingerprint data;
- Member State of origin, place and date of application for international protection;
- Sex of the person concerned;
- reference number used by the Member State of origin;
- date of fingerprinting;
- date of transmission of the data to the Central System;
- user ID of the operator.
The above data will be kept for 10 years, after which they will be automatically deleted from the central system. If the asylum seeker acquires the nationality of a Member State, the data will be deleted immediately.
If the asylum seeker is granted international protection (i.e. recognised as a refugee or a beneficiary of protection), the relevant data will be entered in the central register on the basis of an instruction from a Member State. The data must still be available for comparison for law enforcement purposes for 3 years.
2. Illegal crossing of the external borders of the Member States (from the age of 14)
- fingerprint data;
- Member State of origin, place and date of apprehension;
- sex of the person concerned;
- reference number used by the Member State of origin;
- date of fingerprinting;
- date of transmission of the data to the Central Unit;
- operator's user ID.
Only the data of a data subject who is over 14 years of age can be entered and processed in the system and only if the data subject has not been turned back. The data will be stored for 18 months, unless the data subject acquires the nationality of a Member State, has been issued a residence permit by a Member State or has left the territory of the Member States. In such cases, action shall be taken to delete the data.
3. Illegal residents (aged 14 and over)
- fingerprint data;
- reference number used by the Member State.
In this case, the sole purpose of the recording and transmission of data may be to enable the Member State authorities to establish whether, when and in which Member State the person concerned has previously lodged an asylum application. These data are not stored in the system.
Fingerprinting and data transmission
For the primary purpose of the Eurodac Regulation, to facilitate the effective application of the Dublin Regulation, the list of Member States' authorities with access to the data they transmit and which are registered in the central system is available here.
In Hungary, the fingerprints of asylum seekers are recorded by the National Directorate General of Aliens' Police as the asylum authority, the fingerprints of foreigners apprehended and not deported for illegal crossing of external borders (in the case of Hungary, the Hungarian-Serbian and Hungarian-Ukrainian border) are recorded by the Police, and the fingerprints of foreigners illegally staying in Hungary are recorded by the National Directorate General of Aliens' Police and the Police. The data processing body for all three categories is the National Centre of Expertise and Research, which is also responsible for transmitting the data to the Eurodac Central Unit, receiving the data and comparing them.
Member States sending data to Eurodac should ensure that the taking of fingerprints and the processing, transmission, storage or deletion of data are lawful in order to protect personal data.
Eurodac data processing operations are supervised by the European Data Protection Supervisor in cooperation with the national supervisory authorities. In Hungary, the National Authority for Data Protection and Freedom of Information is the supervisory authority.
Access for law enforcement purposes
As a result of the efforts of the Hungarian EU Presidency in 2011, the legitimacy and importance of the Member States' demand for law enforcement access to the Eurodac database was recognised by the European Commission in its Communication on migration of 4 May 2011. The Communication states that the Common European Asylum System (CEAS) must have a Eurodac database that will continue to facilitate the effectiveness of the Dublin system while meeting the other needs of law enforcement authorities under very strict conditions.
The designated authorities of the Member States and the European Union law enforcement agency (Europol) may, for legitimate law enforcement purposes, request comparisons of fingerprint data with fingerprint data stored in the Central System in order to establish the exact identity of a person suspected of or a victim of a terrorist offence or other serious criminal offence or to obtain further information about that person. This excludes both comparisons with Eurodac data in relation to non-serious crime and systematic or mass comparisons of data.
The requesting law enforcement authority will receive a "hit/no hit" notification if there is information on the person in the national asylum databases of other Member States. In case of a hit, further information on the person may be requested on the basis of other legal instruments allowing for the exchange of information.
Hungarian authorities involved in law enforcement access:
Data subject’s rights
Data subjects have the right to be informed about the identity of the controller, the purposes of the processing, who has access to the data and for what purposes, and how to exercise their rights to information, erasure and rectification. The information must be provided at the time of fingerprinting in the case of asylum seekers and persons apprehended for having illegally crossed the external borders of the Member States and at the time of transmission in the case of persons illegally present on the territory of the Member State. Data subjects who are minors shall be informed in a manner appropriate to their age. Appropriate information on the taking of fingerprints is facilitated by common information booklets prepared by the European Commission and supplemented by Member States with specific information for each Member State.
Each Member State is responsible for the data it processes and sends to the Central Unit, for the quality of the data and must ensure that its processing complies with the relevant EU and national legislation.
If authorities detect incorrect data (e.g. false, erroneous), either upon notification or ex officio, they must take immediate action to correct it, while informing the data subject. If the authority refuses to comply with the request in the procedure initiated on the basis of the request, it must inform the data subject of the reasons for its refusal.
In accordance with EU and Hungarian data protection laws, data subjects have the right to:
- be informed of the data relating to them recorded in the Eurodac Central System and of the Member State which transmitted them to the Central System;
- request the correction or rectification of inaccurate data;
- request the erasure of data processed unlawfully;
- go to court or to the data protection authority in order to protect their rights to their personal data and to obtain compensation for any damage resulting from a breach of those rights.
Requests should be submitted in the first instance to the territorial authority in charge of the asylum procedure or aliens procedure (see http://www.oif.gov.hu and https://www.police.hu, for more information on the procedure, please consult the central contact details of the National Directorate General of Aliens Police and the National Police Headquarters.)
The authority may refuse to provide the requested information in justified cases, but must inform the applicant of the fact and the legal basis for the refusal. An appeal against the decision of the authority may be lodged with the National Authority for Data Protection and Freedom of Information.
A person or a Member State who has suffered damage as a result of an unlawful processing operation or an act incompatible with the Eurodac Regulation shall be entitled to compensation from the Member State responsible for the damage suffered, unless it can prove that it is not responsible for the event giving rise to the damage.