What will be the ETIAS Data Retention Policy?

| December 3, 2021

The purpose of the European Travel Information and Authorization System (ETIAS) is to record and track the details of millions of third-country nationals that pass through the Schengen Zone every year. It’s a vast, complicated, and vitally important system that could prove to be a game-changer for the region and its people, but what happens if that system fails?

More importantly, what happens if a failure, oversight, or weakness results in a hack that puts those details into the wrong hands?

The Importance of a Safe Data Policy

In 2013, Yahoo suffered a data breach that impacted over 3 billion accounts and wasn’t announced until 3 years after the incident took place. In 2019, Facebook exposed over half a billion users and in 2021, over 700 million LinkedIn user accounts were posted for sale on the dark web.

Although hacks of this scale are rare, hacks in general are commonplace, and they occur across all industries. Even governments are not impervious to such catastrophic hacks and mistakes, as we saw in the summer of 2021 when UK government officials left classified documents at a bus stop.

It’s no wonder that people are concerned about the potential risks associated with the ETIAS. After all, it’s a database that includes the names, addresses, passport numbers, and travel details of everyone who applies. That is a lot of very sensitive information and if it falls into the wrong hands, it could be an unmitigated disaster for individuals, nations, and the entire European Union.

Who Has Access to ETIAS Data?

The ETIAS Central Unit and the ETIAS National Units are responsible for collecting and assessing information submitted via ETIAS applications. Through a system of automated checks and manual reviews, they will make sure that all details are accurate and up to date and that privacy standards are met.

Once data has been stored in the Central Unit, it will be accessible to a number of European border security agencies and officials, including Europol and Interpol. Other law enforcement agencies can request access to the data and if there is a valid reason for that access (including an ongoing investigation), it will be granted

The Central Unit will not be accessible by members of the public nor can it be accessed on a whim by national agencies. Only those with a genuine reason and express permission are given access.

Is the Central Unit Safe?

The ETIAS Central Unit uses state-of-the-art encrypted databases to ensure that all of the data is completely safe. Even if the data is somehow stolen, the fact that it is encrypted means it shouldn’t be readable.

What’s more, the data is compliant with the Charter of Fundamental Rights, ensuring the highest possible standards of data protection are met.

Is Data Stored Indefinitely?

Most ETIAS data is stored for 3 to 5 years:

  • The 3-year validity period has expired and the ETIAS is no longer valid, or
  • 5 years after ETIAS authorization has been refused, or
  • 5 years after ETIAS authorization was annulled or revoked.

However, some ETIAS data is stored for up to 3 years after the date of ETIAS expiry. This is designed to facilitate a faster and smoother renewal. If desired, the applicant can request that this information be removed.

Is The ETIAS Safe?

The ETIAS Central Unit contains a lot of sensitive information that you wouldn’t want to fall into the wrong hands, but it’s also one of the safest systems in the world.

Your information is safe.

It’s normal to be concerned about the safety of such a system in light of the aforementioned hacks, but we’re talking about government databases, not social media sites. It’s also worth remembering that we’re living in a digital age, one where everything from your medical records to your bank account details are stored online.

The systems that will keep ETIAS details safe are similar to the ones in operation around the world, and they have been protecting our data for many years.