As the EU’s new EES officially comes into force this week, SmartSearch has issued a call for stronger transparency measures and privacy safeguards to protect the biometric data of travellers.
The EES will require most non-EU visitors to register fingerprints and facial scans when entering or leaving the Schengen area, which covers 25 of the 27 EU member states alongside Iceland, Liechtenstein, Norway and Switzerland. The new system is designed to modernise border controls by replacing manual passport stamps with digital checks, reducing queues and enhancing security tracking.
While the European Commission has positioned the EES as a major step forward for efficiency and security, SmartSearch has raised concerns about how the vast amounts of personal data collected will be stored, used and protected.
SmartSearch chief technology officer Stuart Morris said: “Consumers have been signing Terms & Conditions for apps on their smartphones for years, often unwittingly giving away certain rights to their data and likeness. However, as seen in the public response to the Online Safety Act, more questions are now being asked by the public when it comes to safeguarding their data and ensuring digital privacy. The UK government’s new EES digital ID scheme will be no different.”
Morris stressed that any large-scale identity or biometric initiative must prioritise privacy, consent and accountability to sustain public trust. “Establishing robust and trusted identity online has arguably never been more important to combat rising levels of identity fraud, theft and financial crime – as well as improving border security,” he said. “But the government will need to consider how to put as much control of their digital ID data into the hands of the individual to create a foundation of trust.”
He added that collaboration between regulators and private sector firms will be crucial to ensure the success and acceptance of such initiatives. “Continued collaboration between regulators and the private sector will help to ensure universal acceptance of the initiative. Existing schemes like the Digital Identity & Attributes Trust Framework will help to certify and recognise businesses and solutions that can be trusted to provide digital ID verification, all while respecting individual’s privacy and data ownership when it comes to how that information is used, accessed and stored for the future.”
Morris also emphasised that trusted digital identity frameworks could simplify everyday processes, such as mortgage applications and business onboarding, but only if built on principles of transparency and user control. “For example, with digital identity framework, a first-time buyer could confirm their ID instantly with their lender, avoiding the delays of document uploads and manual checks. Or a small business owner could use the same verified ID to open a bank account or sign supplier contracts online, saving time and reducing risk,” he explained.
However, he cautioned that without strong legal and technical safeguards, there is a risk of government overreach. “Without strong legal and technical safeguards, there is a risk of government overreach — where an ID system designed for convenience gradually expands into wider areas such as travel, taxation, healthcare, banking, or even access to benefits and political participation. The system must protect citizens from surveillance and coercion, not enable it.”
SmartSearch’s warning reflects growing public concern over how biometric and digital identity data are managed in an era of heightened surveillance and cyber risk, particularly as the EU and UK roll out new systems designed to strengthen national and border security.
Keep up with all the latest RegTech news here
Copyright © 2025 RegTech Analyst
Copyright © 2018 RegTech Analyst
