What procedural steps should a traveler follow to request deletion or correction of their biometric data in the EES?
Executive summary
Travelers can request access, rectification or deletion of their EES personal data under the applicable data‑protection framework; member‑state authorities handle initial requests and dissatisfied applicants may complain to the authority that processed the request or to the European Data Protection Supervisor (EDPS) [1] [2]. EES is rolling out progressively from 12 October 2025 to April 2026 and will store biometric records (face, fingerprints) for a fixed retention (three to five years depending on category) with automatic deletion after those periods [1] [2].
1. How you start: ask the national authority that handled your EES registration
If you want to see, correct or delete EES data, the procedural first step is to submit a request to the national authority that processed your EES record at the border — that is the competent authority in the Member State where the data were recorded. The Dutch data‑protection page for EES explicitly directs travellers to ask the authority that handled the request first and says you can then complain if you are not satisfied with the reply or receive no reply [1].
2. What rights you can invoke: access, rectification, deletion, restriction
Under the EES regime and EU data‑protection law, travellers have the right to request access to their EES file, to ask for inaccuracies to be corrected (rectification), to request deletion where processing is unlawful, and to ask for restriction of processing — the exact remedies and their application are defined in EES rules and national practice [1] [2].
3. Practical steps at the border: seek a staffed lane and keep evidence
Guidance aimed at travellers recommends, if a problem is noticed at arrival or the self‑service kiosk, to go immediately to a staffed lane so an officer can finish or correct registration; any partial reads from kiosks are considered passed to the officer and the officer updates the record [3]. Document names, dates, border crossing point and the officer’s details, and retain boarding passes or stamps issued during the transitional roll‑out — these will be useful when you later ask for rectification or raise a complaint [3] [4].
4. Timelines and automatic deletion: what to expect after you ask
The EES system has defined retention periods: travel records remain in the system for between three and five years depending on data type, after which deletion is automatic [1]. The sources do not provide a single fixed timetable for how quickly national authorities must respond to individual correction or deletion requests; national procedures and deadlines are not detailed in the available reporting (not found in current reporting).
5. If the national response is unsatisfactory: escalate to data‑protection bodies
If your request for access, rectification, deletion or restriction is refused, inadequately handled or you receive no reply, you can submit a complaint to the national data‑protection authority that handled your request and, where relevant, involve the EDPS which has supervised EES deployment and offered guidance on data‑protection safeguards [1] [2].
6. What deletion means and its limits: unlawful processing vs. routine retention
Deletion is a remedy where processing is unlawful; it does not override the system’s designed retention rules for lawful processing. Some records are deleted automatically in predefined scenarios (for example, where a traveller obtains a residence permit) but routine entries are retained for the statutory period (three to five years) unless a successful legal basis for earlier deletion is invoked [5] [1]. The European Commission and EDPS stress that EES operations include safeguards like encryption, audit logs and automatic deletion at the end of retention periods [6] [2].
7. Competing viewpoints and hidden incentives to centralise control
EU institutions present EES as both a border‑management efficiency and a security tool; they emphasise compliance with data‑protection rules and technical safeguards [2] [6]. Privacy advocates are concerned about centralised biometric repositories and possible mission creep; the sources show both reassurance from officials about safeguards and continued scrutiny from data‑protection supervisors [6] [2]. National authorities implementing EES also have incentives to streamline border flows, which can lead to pressure to prioritise rapid registration over individual remedies at busy crossings [3] [7].
8. What the reporting does not say (limitations you should note)
Available sources do not provide a uniform, step‑by‑step national form or a single EU‑wide inbox for deletion requests, nor do they list statutory deadlines for national replies to individual rectification or deletion claims; those procedural details appear to be left to Member States and their national data‑protection authorities (not found in current reporting; p1_s3).
Actionable summary: begin with the national authority that handled your EES registration (ask at the border or contact that country’s data‑protection office), keep documentary evidence from your crossing, request access/rectification/deletion citing EES rights, and if unsatisfied escalate to the national supervisory authority and, if needed, to the EDPS [1] [2] [3].