On 12 September 2018, Regulation (EU) 2018/1240 established a European Travel Information and Authorisation System (ETIAS) with the aim of identifying whether the presence of visa-exempt third-country nationals – soon to include UK nationals – in the territory of the Member States would pose a security, irregular migration or high epidemic risk.
To those ends, the ETIAS Regulation foresees that visa-free travellers will be required to apply for a travel authorisation prior to the date of their departure, in a similar manner to the US ESTA. In a previous piece we analysed how the categories of personal data collected are disproportionate for pre-vetting travellers and concluded that the EU falls below the standards expected from a global leader in data protection law.
In this follow-up piece, we expose the flawed tools that will be used for processing the ETIAS applications.