DHS Wants More than Biometrics in US-EU Data Sharing Agreement

The United States and the European Union have been shaping the Enhanced Border Security Partnership (EBSP) since 2022, a framework that would grant visa‑free entry to EU citizens in exchange for access to European biometric repositories. The latest draft, however, stops short of prohibiting the use of automated decision‑making tools at U.S. border checkpoints, leaving room for algorithms to influence entry outcomes. By linking travel convenience to the transfer of facial scans, fingerprints and, potentially, sensitive “special category” data, the proposal raises questions about the balance between security efficiency and individual privacy.

EU officials stress that any data flow must respect the GDPR’s extraterritorial safeguards, limiting transfers to strictly necessary and proportionate cases. The draft introduces a safeguard that automated decisions causing significant adverse effects cannot be made without human intervention, and that such use must be grounded in domestic law. Nonetheless, the language is vague, leaving U.S. agencies to define “appropriate level of protection” and consent mechanisms. Without a clear joint oversight body, disputes would be settled in national courts, potentially fragmenting enforcement across member states.

The recent one‑year contract between U.S. Customs and Border Protection and Clearview AI intensifies the privacy debate, as the firm’s database of over 50 billion scraped images has already attracted fines in several EU countries. European regulators view the integration of such a controversial facial‑recognition system into border operations as incompatible with EU data‑protection norms, risking legal challenges and eroding public trust. If the EBSP proceeds without stricter limits, the transatlantic data‑sharing model could become a flashpoint, prompting both sides to renegotiate terms or face a slowdown in cooperation on security and travel.