Data Privacy for Migrants: Unrealistic or Simply Neglected?


Migrants must be registered upon entering a country because collection of their data is necessary for administrative purposes and contributes to a host state’s security. Given their vulnerability, they depend on reliable data protection to ensure their safety. Reports show that data handling is not always as responsible as it should be. Therefore, this article explores what type of data and how much of it is necessary for a host state’s purposes and how to maximize the data protection of migrants while ensuring public safety.

The stages of involuntary migration – migrant, refugee, asylum seeker – come with different data requirements. The focus here shall be on the first interactions between the migrant and the local official or organization personnel. Ideally, governments and organizations would only collect the data necessary to provide the best possible support – yet the definition of “necessary” depends on who is in charge.

When migrants encounter border officials they must identify themselves and provide further data to determine their identity, vulnerability, and status. This includes demographic and biometric data such as name, age, place and date of birth, fingerprints, photographs, and nationality. Those with a valid ID have cleared the first hurdle: they can at least prove their name, age, and nationality. Others might have their social media account(s) inspected and answer questions about their home country (official languages, the flag, currency, customs, etc.) to establish their nationality. Next, a migrant generally must answer questions about his or her journey. Some examples are: Why are you fleeing? Were you a victim of violence? What is your destination? Do you have family or friends there? What could happen to you (and your family) if you return?

Power Asymmetry, Privacy Across Cultures, and Informed Consent

One of the key factors for responsible data handling is transparency between the involved parties. What allows for ambiguity, though, is the power asymmetry between migrants and border patrol agents or local government officials. Important information is not provided in most migrants’ native languages, which exacerbates this imbalance. Translators and cultural mediators are essential, but they cannot solve all communication issues, and are often not present at the first encounter. Finally, for a migrant to hold a border patrol agent accountable for breaking a rule is very hard, especially if the migrant is not informed about his or her legal rights.
While data sharing should theoretically take place under genuine and informed consent, this is not always the case. Migrants have little choice but to share their data because that is their “currency” for receiving vital resources. Many are not informed about their rights and the risks of sharing their data. Under these conditions true consent is impossible. Thus, there is a debate on the standards and limitations of migrant and refugee data protection: how and to what extent can administrators maximize efficiency yet sufficiently protect vulnerable data?

These problems often result in misunderstandings throughout the process that create larger problems. For example, an Italian case study tells the story of a young Syrian (Kaurin, 2019, 4) who fled the war and is gay. He was pressured into revealing his sexual orientation: “Okay, I’m gay. I’m from Syria, and I can’t talk about that publicly. I left Syria because of the war, but I also have this other problem.” According to the young Syrian, migrants often do not know which sensitive information they are required to share. And even if they know, countless cannot speak freely in front of their family or travel companion(s) for various reasons. This Syrian’s experience serves as an example of when a migrant is uncomfortable sharing personal information. He only revealed this information after the border patrol agents had alerted him to the fact that this was a "serious" issue. The implication was that his gender orientation could impact the assessment of his vulnerability - potentially helping him to advance in his immigration process.

A lack of clarity appears to be a broader problem: for migrants in Italy, “there was a general confusion” regarding the purposes of various data. At best, this uncertainty is bothersome; at worst, dangerous. Sensitive data leaks can result in blackmail, harassment, violence, identity theft, and persecution. Thus, as previously explained, researchers are debating how to enforce stricter confidentiality rules without overly compromising efficiency.

UNHCR Standards and Recommendations

Migrants are entitled to understand the purposes and risks of the collection, processing, and storage of their data. The United Nations High Commissioner for Refugees (UNHCR) is an agency responsible for refugee support by protecting their “rights and well-being.” According to UNHCR, the migrant’s consent is required for most procedures. They have the right to confidentiality and to know when it is restricted. Anyone working with UNHCR is obligated to confidentiality and to conceal from third parties which migrant is in contact with them. Disclosing information to third parties should only occur “for a legitimate purpose,” if it “would be consistent with UNHCR’s international protection mandate,” and if the safety of both parties is ensured. Migrants ought to be notified what data is shared with the host state. For underage migrants, the staff decides without consent what is best.

According to UNHCR’s mandate the organization is in contact with host state authorities, but share minimal data. This principally involves “basic bio-data” and who is denied “refugee protection.” Limited data samples from migrant files should be shared with authorities, and only for a specific purpose, such as persecution threats. UNHCR and other humanitarian organizations encourage national governments to follow international human rights laws when working with migrants and refugees.

A Possible Way Forward

Richard Black, head of the college of social sciences at the University of Birmingham, is an advocate for migrants’ privacy. To minimize discrimination, he has suggested asking for the same data the government requires eligible residents for “social services”. For instance, instead of asking a migrant about their background, they would only be required to provide the same data as a resident would in order for them to receive food or medicine. This approach would discourage discrimination against migrants. Nonetheless, the power asymmetry remains a fact.

Access to information, cultural differences, and the power asymmetries are three of the many challenges migrants face on their journey. It is in a host state’s interest to safeguard national security and public health. To enforce that, collecting certain migrant data is essential. Hence, when it comes to need-based migration, counting on voluntary consent to collect data is not a realistic part of the equation, but informed consent can be. Privacy may be of concern to both the migrant and the first patrol officer they speak with, but the migrant is the vulnerable one. More effort should be put into educating migrants and refugees on their rights and data sharing risks. Data handling methods also ought to be based on human rights. The most realistic approach is to ensure arriving migrants are informed about the purpose and risks of the collection of their data and safe data handling is practiced once it has been collected.