US algorithms as border guards: automated judgments on EU travelers possible
A draft on the exchange of biometric data with the USA allows software to decide on entry soon – despite massive data protection concerns.
(Image: Frame Stock Footage / Shutterstock.com)
In the negotiations on a framework agreement between the EU and the United States on the transfer of biometric and other data to US authorities, the Americans are attaching conditions to the retention of the coveted ". A current draft of the agreement grants US security authorities far-reaching powers, reports Euractiv.
The clause on automated decision-making appears to be particularly explosive. Although the document according to Euractiv stipulates that decisions with significant negative consequences for individuals may not be made solely by algorithms. With a loophole: If US law authorizes such procedures, purely machine-based assessment would be permissible. For such cases, there should be "appropriate safeguards" for those affected, such as the right to demand human intervention.
The background to this development is the pressure from Washington. Under President Joe Biden's administration, the USA has created new requirements for visa-free entry with the so-called Enhanced Border Security Partnership (EBSP). EU member states are asked to conclude bilateral agreements with the Department of Homeland Security (DHS) to enable access to national biometric databases.
Anyone who does not reach an agreement by the end of 2026 risks exclusion from the visa-free travel program. To avoid a patchwork of individual contracts and to maintain a certain level of protection, the EU Commission has taken over the negotiations for an overarching framework agreement.
Biometrics and sensitive profiles in focus
The new draft goes far beyond simple travel information. It also provides for the transfer of "special categories" of personal data. In addition to biometric characteristics such as fingerprints and facial scans from police databases, this includes highly sensitive information about a person's political opinions, trade union memberships, or even sexual life.
Although the authors of the text emphasize that appropriate safeguards must be taken for such transfers. Access restrictions or approval by supervisory authorities would be considered for this. However, these formulations remain vague and leave room for interpretation.
Another point that is likely to alarm data protectionists and legal experts is the planned legal design of the agreement. Should disputes arise over the interpretation or implementation of data transfer, the draft provides for them to be settled exclusively outside the jurisdiction. Conflicts would therefore have to be resolved by a joint committee composed of representatives from the USA and the EU. Resorting to a national or international tribunal is explicitly excluded.
This would remove the procedure from independent judicial review, which, given the sensitivity of the data and the implications of the decisions for travelers, means a weakening of legal protection.
Collision with EU data protection law
The integration of the planned agreement into European regulations such as the General Data Protection Regulation (GDPR) and the AI Act is likely to be difficult. The GDPR generally claims extraterritorial effect. However, the draft stipulates that the new agreement supplements and even replaces existing agreements between EU member states and the USA.
In practice, this could lead to hard-won European standards in the areas of border control and counter-terrorism being effectively undermined. According to the AI Regulation, humans must make the final decision in high-risk areas, not an algorithm.
At least the EU seems to be taking a tougher line on the transfer of data to third countries. The current initiative provides that US authorities may only pass on information received from EU bodies to third parties if the original European authority explicitly agrees. In earlier negotiation stages, EU member states had been willing to allow exceptions for cases of "serious and imminent threats to public safety" without prior consultation being necessary.
Videos by heise
Tight schedules and political hurdles
The political negotiations are now entering a crucial phase. After a first round of negotiations took place at the end of January, the Committee on Civil Liberties, Justice and Home Affairs of the EU Parliament will already deal with the status of affairs in a confidential meeting on February 24.
If the framework agreement is adopted, the individual member states would subsequently have to conduct bilateral talks with the US government. It would be necessary to determine which national databases would be specifically opened for access. Many EU governments have already signaled their willingness to grant broad access to sensitive information to the USA.
Given the tight deadline by the end of 2026 and the security policy agenda of the current US administration, the EU is thus faced with a balancing act. It must ensure the freedom of travel for its citizens without compromising their fundamental rights for the sake of the transatlantic partnership.
In parallel, the US administration is pushing for exceptions to the EU's new digital entry and exit system (EES): Washington is threatening Brussels with harassment of diplomats if US personnel have to provide fingerprints and facial scans for the register at Schengen borders.
(vbr)
