Under the General Data Protection Regulation (GDPR), ‘purpose limitation’ is a requirement that personal data be collected for specified, explicit, and legitimate purposes and not be processed further in a manner incompatible with those purposes. The EES complies with this and other data protection principles, such as “data protection by design and data protection by default”, and the requirements of necessity, proportionality, and data quality.
Safeguards are in place to ensure the rights of travellers as regards the protection of their private lives and personal data. Their personal data will only be retained in the EES for as long as necessary and for the purpose(s) for which it was collected.
Read more on biometrics and data held on the EES.