Travel is finally back! After nearly two years away from visiting our favorite destinations, the promise of travel in 2022 is looking much more likely, with many countries reopening their borders to foreign nationals.

But, have you ever considered how “private” our travels are?

We voluntarily give personal data away at each desired destination in order to travel there, but what happens to all of those visa applications, fingerprints, and face scans after they’ve been collected? And how many other countries is this data shared with?

Here at Comparitech, we’ve explored the data requirements for travelers going to 50 different countries. We’ve analyzed what data is required from travelers before they enter the country, what data is collected upon arrival, how long this data is stored after their visit, and where the data may travel afterward to create a score out of 69. We’ve also looked at how the pandemic has changed things and how much additional data we disclose in order to make those all-important travel plans.

What did we find?

  • Every country has some form of facial recognition technology in airports
  • The majority of countries have or are thinking about implementing biometrics within the visa and/or arrival process
  • Most personal data, especially biometrics, is being stored for extensive periods of time or indefinitely
  • All airports/countries request advanced passenger information before a flight takes off so passengers’ details can be checked against systems
  • Every country bar Taiwan checks traveler data through INTERPOL’s shared database

A large number of countries share immigration/visa information with each other. Ironically, this means that travelers’ data could be traveling far further than the individuals themselves! For example, many EU countries share data with 35 fellow member states. So, if you traveled from the US to France, you’d travel around 3,600 miles (one way). From there, your data may travel to 35 further countries, traveling a total of 55,750 miles – at least.

Top 10 worst countries for collective traveler data

According to our findings, the countries that encroach most on travelers’ privacy are:

  1. The United States = 18.5/69: All visa applicants are required to submit fingerprints for US visas, with only 39 countries allowed to travel without a visa. Fingerprints of everyone entering and leaving the US are also taken. These biometrics are kept for 75 years (or until they’re no longer needed), while advanced passenger information is stored for 15 years and visa applications for seven years. Photos taken upon arrival in the US may only be stored for several hours or a maximum of 14 days. However, if you’re classed as an “in-scope” passenger, your mugshot could be stored for as long as 75 years. The US is also involved in the Five Country Joint Enrollment and Information-Sharing Project (FCC), EU PNR System, and INTERPOL data-sharing agreements. The US uses an interactive advanced passenger information system to keep track of travelers entering the country.
  2. The United Kingdom = 21/69: In the UK, visa applicants must submit their fingerprints for a UK visa and these will be checked upon arrival at UK borders. Gatwick Airport was the first UK airport to begin using iris scans in 2019. Over 110 countries require a visa for the UK and the information processed on the Borders, Immigration, and Citizenship System may be kept for 15 years (or 25 years if granted naturalization/settlement). Passenger Name Records and Advanced Passenger Information are kept for 10 years. Like the US, the UK is also part of the FCC, EU PNR, and INTERPOL data-sharing agreements.
  3. Australia = 22/69: Australia is another country that’s part of the aforementioned data-sharing agreements. All countries bar New Zealand require a visa to enter the country and fingerprints (4 minimum) are required upon entry. Visa application records may be kept for up to 15 years while all passenger movement records have been stored since 1981. PNR details are kept for 5 years as they are governed by EU law.
  4. China = 23.5/69: Even though China is only part of the INTERPOL data-sharing agreement, it still lacks points. This is due to fingerprints being a requirement for visa applications and upon arrival in airports. The majority of countries also require a visa to travel to China (only a small few are exempt for short stays or stopovers). Photos of travelers arriving in China’s airports are taken and there are minimal protections in place for all of this collected data. The Chinese Visa Application Center states that they can keep application data for seven years and biometrics for five (but may keep longer if they can’t delete it due to “legal reasons”). However, all of this information is transferred to embassies, consulates, and the governments, too, where it may be kept indefinitely.
  5. France = 24.5/69: France scores one point less than the rest of our European countries due to its use of an interactive advanced passenger information system. Standard (non-interactive) advanced passenger information systems transmit passenger data in one bulk message upon departure or following flight reconciliation, whereas interactive systems allow two-way, real-time communication and on a passenger-by-passenger basis.
  6. Austria, Belgium, Canada, Czech Republic, Estonia, Finland, Germany, Greece, Hungary, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden = 25.5/69: All of these EU (and Schengen) countries tie in sixth place (with the addition of Canada) as they all require fingerprints for visa applications and share this data via the Schengen Information System. Fingerprints are also a requirement for Canada (at the border and in visas) and it is part of the FCC, EU PNR, and INTERPOL data-sharing agreements (but not the Schengen system). 107 countries require a tourist visa for the countries in Europe, while Canada requires almost 150 countries to acquire a visa for entry. As for storage periods, the European countries listed above store both PNR and biometric data for 5 years. In Canada, Passenger Name Records are stored for 3.5 years while biometrics are stored for 15 years. Canada also uses an interactive API system while the rest of the countries listed just use a standard API system.
  7. Bulgaria = 26/69: Even though Bulgaria follows a very similar structure to the EU (Schengen) countries listed above (storing PNR and biometric data for 5 years under EU law and sharing this data through the EU PNR and Schengen Information System, for example), it also has some requirements that differ from those ranked in 6th place. Fingerprints are only required ‘if applicable’ or in certain cases, only 29 countries can get visa-free access to Bulgaria, and proof of purpose of travel (including an invitation from friends/family/work permit) is also required.
  8. Romania = 26.5/69: Romania also has noticeable links with the EU/Schengen area by storing data for 5 years and being part of the SIS and EU PNR system. However, Romania only requires fingerprints from certain countries and travelers must provide proof of flight booking and occasionally a proof of health declaration.
  9. Ireland = 27/69: Ireland isn’t a Schengen country but is part of the Schengen Information System. It is also part of the EU PNR System and INTERPOL. Over 100 countries require a visa to enter Ireland with those from Nigeria, China, India, Pakistan, and Hong Kong having to submit their fingerprints with their visa application. As Ireland is governed by EU law, it has a maximum data retention period on this data of 5 years.
  10. New Zealand = 27.5/69: New Zealand is the fifth (and final) country to be part of the FCC agreement (but it isn’t part of the EU PNR agreement, unlike Australia). The majority of countries require a visa to travel to New Zealand. 59 countries are exempt but still require an NZeTA (New Zealand Electronic Travel Authority) which requires passport details. Not everyone will have to submit fingerprints for their visa application but those who do can have their fingerprints checked again upon arrival in New Zealand. When it comes to the information stored, NZ keeps passenger record details for 3 years, advanced passenger information for 5 years, visa applications for 2 years, and biometrics for 50 years.

International immigration data-sharing agreements

A worrying aspect of personal information collected by immigration authorities is that many of these countries share data with other countries’ law enforcement and intelligence agencies. Travelers’ data can end up all over the world and may be passed on to other agencies that have few safeguards in place for the data.

For example, Japan has become part of the EU’s Passenger Name Record (PNR) agreement. As we have seen, Japan’s data protection for visa, passenger, and biometric information is insufficient as there aren’t clear guidelines and data storage limits in place. Therefore, someone who has traveled to a more “data safe” country like Sweden could have their data transferred across to Japan where it may be left inadequately protected.

The map below indicates where your data may travel when you head to a particular country.

Upcoming developments to watch out for

As well as the aforementioned data privacy concerns, some ongoing trends could put travelers’ data at even greater risk. These include:

  • An increasing number of airlines implementing their own biometric systems: For example, Emirates already uses iris and facial scans for UAE passengers, allowing them to check-in, go through immigration, enter Emirate lounges, and board the plane by simply walking through a tunnel that has the technology installed. Equally, in the Netherlands, iris scans have been introduced to allow people to enter the Privium ClubLounge in Schiphol Airport.
  • The Schengen Entry/Exit System: Expected to launch towards the end of this year (September 2022) after sufficient delays. The system expands on the current visa system in Schengen areas by automating checks and creating a new register with travelers’ names, passport numbers, four fingerprints, and photos. It will also increase the amount of data shared between these countries (and those that are part of data-sharing agreements with Schengen states).
  • Brazil has signed a deal to implement the country’s first biometric boarding system at two airports: Cagonhas in Sao Paulo and Santos Dumont in Rio de Janeiro, making them the first in the country to have 100 percent biometric boarding for both passengers and crew. The deal was signed in February of this year.
  • Growing use of facial recognition: Only Nigerian airports weren’t publicized as having facial recognition technology as part of their security. Nevertheless, further surveillance with more advanced technology is inevitable in most airports.

How COVID-19 has affected travel

Over the last two years, the COVID-19 pandemic has prevented a lot of people from traveling while also increasing the amount of data collected. And even though some countries have removed all of their restrictions (the UK and Sweden, for example), there are still a large number of countries with additional requirements to the “norm.”

The most privacy-encroaching aspect of these changes are passenger locator forms which collect various pieces of traveler information. Most countries require these forms in addition to the Advanced Passenger Information (API) we looked at above.

For example, as of May 16, 2022:

  • France, Malta, and Slovenia use an EU Digital Passenger Locator form (dPLF). They are all protected by the GDPR data protection law and store passenger information for different periods. France (28 days), Malta and Slovenia (30 days). Slovenia only ‘recommends’ you fill the form in.
  • Spain has a Health Check Form for those who cannot provide a vaccination certificate. All data will be deleted 7 days after the date of travel indicated on the form.
  • Nigeria collects passenger information using a passenger pre-boarding health declaration and screening form. The data is stored for as long as necessary in a database where test results are verified and are only accessible by government authorities.
  • In Canada and the UAE, passengers have to submit health data onto mobile apps. For Canada, this is ‘ArriveCAN’ and in the UAE, it’s the ‘Al Hosn App’. The storage period for ArriveCAN data is for a minimum of 2 years from the last administrative use and for Al Hosn, for as long as the account is active.

Scoring

69 points are available in total.

  • Visa Requirements
    • Fingerprints = 0 points (or 1 point if only a few countries require these types of visas and/or fingerprints are only collected in some cases)
    • Fingerprints not required = 5 points
  • Photo
    • Photo taken = 0 points
    • Photo not taken = 2 points
    • Every Additional Document/Proof Not Required = 1 points (or 0.5 if only required sometimes/for selected countries) (16 additional points available)
  • # of Countries that Require Visas
    • Majority = 0 points (over 170 countries)
    • Large Number = 1 point (130 to 169 countries)
    • Over Half = 2 points (100 to 129)
    • Less Than Half = 3 points (50 to 99)
    • Few Countries = 4 points (49 or Less)
  • Advanced Passenger Information (API) System = 0 Points (Interactive API–iAPI), 1 Point (Standard API System), 2 Points (not required)
  • Airport Data Collected
    • Fingerprints/Iris Scans = 0 Points (all travelers), 1 point (visa travelers or other specific groups, e.g. refugees), 5 points (NO travelers)
    • Photos/Facial Scans = 0 points (all travelers), 1 point (visa travelers or other specific groups, e.g. refugees), 3 points (NO travelers)
    • Facial Scans (through eGates) = Yes (0), No (2)
  • Storage Periods
    • Passenger Name Records/Visa Details
      • Indefinitely/Over 10 Years or not stated and no comprehensive data protection law in place = 0 points
      • 5 to 10 Years or not stated but comprehensive data protection law in place = 1 point
      • For 5 years = 2 points
      • 3 to 4 Years = 3 points
      • Less than 3 Years = 4 points
      • Not Stored = 5 points
    • Biometrics
      • Indefinitely/Not Stated/Over 10 Years = 0 points
      • 5 to 10 Years = 1 point
      • For 5 years = 2 points
      • 3 to 4 Years = 3 points
      • Less than 3 Years = 4 points
      • Not stored = 5 points
  • International data-sharing agreements
    • Part of the Five Country Joint Enrollment and Information-Sharing Project (FCC) – Yes = 0 Points /No = 5 Points
    • Part of the EU PNR System – Yes = 0 Points /No = 5 Points
    • Part of the Schengen Information System – Yes = 0 Points /No = 5 Points
    • Part of INTERPOL – Yes = 0 Points /No = 5 Points

Methodology and limitations

To analyze each country and its traveler data, we first created the aforementioned categories before searching through relevant government sources and legislation to collate the data. We have only included a country where full data is available across all of the categories. And to ensure fairness, countries have only been assessed by the tourist/temporary visas they offer (business or longer-stay visas tend to have different requirements).

The “Proof of Health” category includes medical examinations that are required and/or documentation from doctors stating that a person is fit for travel. It does not include various vaccinations that may be required/recommended for travel to these countries.

Even though fingerprints aren’t required for all countries, every country has been scored on its biometric storage laws due to the fact every country requires photos for visas and uses some form of facial recognition technology in the airport.

It is likely that there are far more data-sharing agreements in place than the ones we have scored for. However, even though it is inevitable, these often remain largely unknown. That’s why we have focused on the four agreements (FCC, EU PNR, INTERPOL, and Schengen Information System) that are well known and clearly documented.

Sources

For a full list of data sources, please see here.

Data researchers: Charlotte Bond, Rebecca Moody